<FILENAME filename="index.html"><html><head><title>The Kleopatra Handbook</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="description" content="Kleopatra is a tool for managing X.509 and OpenPGP certificates."><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="next" href="introduction.html" title="Chapter 1. Introduction"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> The <span class="application">Kleopatra</span> Handbook</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr></table></div><div id="contentBody"><div lang="en" class="book"><div class="titlepage"><div><div><h1 class="title"><a name="kleopatra"></a>The <span class="application">Kleopatra</span> Handbook</h1></div><div><div class="authorgroup"><p class="author"><span class="firstname">Marc</span> <span class="surname">Mutz</span> <code class="email"><marc@kdab.net></code></p><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">David</span> <span class="surname">Faure</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Steffen</span> <span class="surname">Hansen</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Matthias Kalle</span> <span class="surname">Dalheimer</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Jesper</span> <span class="surname">Pedersen</span><br></span><span class="othercredit"><span class="contrib">Developer</span>: <span class="firstname">Daniel</span> <span class="surname">Molkentin</span><br></span></div></div><div>Revision <span class="releaseinfo">2.1.1 (<span class="orgname">KDE<br></span> 4.11) (<span class="date">2013-07-04</span>)</span></div><div><p>This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p><p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.</p><p>You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.</p></div><div><div><div class="abstract"><p> <span class="application">Kleopatra</span> is a tool for managing <a class="ulink" href="https://en.wikipedia.org/wiki/X.509" target="_top"><acronym class="acronym">X.509</acronym></a> and <a class="ulink" href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP" target="_top"><acronym class="acronym">OpenPGP</acronym></a> certificates. </p></div></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="chapter"><a href="introduction.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="functions.html">2. Main Functions</a></span></dt><dd><dl><dt><span class="sect1"><a href="functions.html#functions-view">Viewing the Local Keybox</a></span></dt><dt><span class="sect1"><a href="functions-search.html">Searching and Importing Certificates</a></span></dt><dt><span class="sect1"><a href="functions-newkey.html">Creating New Key Pairs</a></span></dt><dd><dl><dt><span class="sect2"><a href="functions-newkey.html#key-revoke">Revoking a key</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="menu.html">3. Menu Reference</a></span></dt><dd><dl><dt><span class="sect1"><a href="menu.html#menufile">File Menu</a></span></dt><dt><span class="sect1"><a href="menuview.html">View Menu</a></span></dt><dt><span class="sect1"><a href="menucertificates.html">Certificates Menu</a></span></dt><dt><span class="sect1"><a href="menutools.html">Tools Menu</a></span></dt><dt><span class="sect1"><a href="menusettings.html">Settings Menu</a></span></dt><dt><span class="sect1"><a href="menuwindow.html">Window Menu</a></span></dt><dt><span class="sect1"><a href="menuhelp.html">Help Menu</a></span></dt></dl></dd><dt><span class="chapter"><a href="commandline-options.html">4. Command Line Options Reference</a></span></dt><dt><span class="chapter"><a href="configuration.html">5. Configuring <span class="application">Kleopatra</span></a></span></dt><dd><dl><dt><span class="sect1"><a href="configuration.html#configuration-directory-services">Configuring Directory Services</a></span></dt><dt><span class="sect1"><a href="configuration-appearance.html">Configuring Appearance</a></span></dt><dd><dl><dt><span class="sect2"><a href="configuration-appearance.html#configuration-appearance-tooltips">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Tooltips</span></span></a></span></dt><dt><span class="sect2"><a href="configuration-appearance.html#configuration-appearance-certificate-filters">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Certificate Categories</span></span></a></span></dt><dt><span class="sect2"><a href="configuration-appearance.html#configuration-dn-order">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">DN-Attribute Order</span></span></a></span></dt></dl></dd><dt><span class="sect1"><a href="configuration-crypto-operations.html">Configuring Crypto Operations</a></span></dt><dd><dl><dt><span class="sect2"><a href="configuration-crypto-operations.html#configuration-crypto-operations-email">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">EMail Operations</span></span></a></span></dt><dt><span class="sect2"><a href="configuration-crypto-operations.html#configuration-crypto-operations-file">Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">File Operations</span></span></a></span></dt></dl></dd><dt><span class="sect1"><a href="configuration-smime-validation.html">Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</a></span></dt><dd><dl><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-interval-checking">Configuring interval certificate checking</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-method">Configuring validation method</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-options">Configuring validation options</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-http-options">Configuring <acronym class="acronym">HTTP</acronym> request options</a></span></dt><dt><span class="sect2"><a href="configuration-smime-validation.html#configuration-smime-validation-ldap-options">Configuring <acronym class="acronym">LDAP</acronym> request options</a></span></dt></dl></dd><dt><span class="sect1"><a href="configuration-gnupg-system.html">Configuring the <span class="application">GnuPG</span> System</a></span></dt></dl></dd><dt><span class="chapter"><a href="admin.html">6. Administrator's Guide</a></span></dt><dd><dl><dt><span class="sect1"><a href="admin.html#admin-certificate-request-wizard">Customization of the Certificate-Creation Wizard</a></span></dt><dd><dl><dt><span class="sect2"><a href="admin.html#admin-certificate-request-wizard-dn">Customizing the <acronym class="acronym">DN</acronym> fields</a></span></dt><dt><span class="sect2"><a href="admin.html#admin-certificate-request-wizard-keys">Restricting the Types of Keys a User is Allowed to Create</a></span></dt></dl></dd><dt><span class="sect1"><a href="admin-key-filters.html">Creating and Editing Key Categories</a></span></dt><dt><span class="sect1"><a href="admin-archive-definitions.html">Configuring Archivers for Use with Sign/Encrypt Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="admin-archive-definitions.html#admin-archive-definitions-filename-passing">Input Filename Passing for <code class="literal">pack-command</code></a></span></dt></dl></dd><dt><span class="sect1"><a href="admin-checksum-definitions.html">Configuring Checksum Programs for Use with Create/Verify Checksums</a></span></dt></dl></dd><dt><span class="chapter"><a href="credits-and-license.html">7. Credits and License</a></span></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>5.1. <a href="configuration-gnupg-system.html#table-gpgconf-types">Mapping From <span class="application">GpgConf</span> Types To <acronym class="acronym">GUI</acronym> Controls</a></dt><dt>6.1. <a href="admin-key-filters.html#table-key-filters-appearance">Key-Filter Configuration Keys Defining Display Properties</a></dt><dt>6.2. <a href="admin-key-filters.html#table-key-filters-criteria">Key-Filter Configuration Keys Defining Filter Criteria</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>6.1. <a href="admin-key-filters.html#idm1898">Examples of key filters</a></dt></dl></div><FILENAME filename="introduction.html"><html><head><title>Chapter 1. Introduction</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="index.html" title="The Kleopatra Handbook"><link rel="next" href="functions.html" title="Chapter 2. Main Functions"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Introduction</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="functions.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>Chapter 1. Introduction</h1></div></div></div><p><span class="application">Kleopatra</span> is the <span class="orgname">KDE</span> tool for managing <a class="ulink" href="https://en.wikipedia.org/wiki/X.509" target="_top"><acronym class="acronym">X.509</acronym></a> and <a class="ulink" href="httpis://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP" target="_top"><acronym class="acronym">OpenPGP</acronym></a> certificates in the <a class="ulink" href="https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPGSM.html" target="_top"><span class="application">GpgSM</span></a> and <a class="ulink" href="https://en.wikipedia.org/wiki/GNU_Privacy_Guard" target="_top"><span class="application">GPG</span></a> keyboxes and for retrieving certificates from <acronym class="acronym">LDAP</acronym> and other certificate servers.</p><p><span class="application">Kleopatra</span> can be started from <span class="application">KMail</span>'s <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certificate Manager</span></span> menu, as well as from the command line. The <span class="application">Kleopatra</span> executable is named <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kleopatra</strong></span></span></code></strong>.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This program is named after Cleopatra, a famous female Egyptian pharaoh that lived at the time of Julius Caesar, with whom she had a child, Caesarion, unacknowledged as his heir.</p><p>The name was chosen since this program originates from the <a class="ulink" href="https://www.gnupg.org/aegypten2/" target="_top">Ägypten Projects</a> (Ägypten is German for Egypt). <span class="application">Kleopatra</span> is the German spelling of Cleopatra.</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="functions.html">Next</a></td></tr><tr><td class="prevCell">The <span class="application">Kleopatra</span> Handbook </td><td class="upCell"> </td><td class="nextCell"> Main Functions</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="functions.html"><html><head><title>Chapter 2. Main Functions</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="introduction.html" title="Chapter 1. Introduction"><link rel="next" href="functions-search.html" title="Searching and Importing Certificates"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Main Functions</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="functions-search.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="functions"></a>Chapter 2. Main Functions</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="functions-view"></a>Viewing the Local Keybox</h2></div></div></div><p><span class="application">Kleopatra</span>'s main function is to display and edit the contents of the local keybox, which is similar to <span class="application">GPG</span>'s concept of keyrings, albeit one should not stretch this analogy too much.</p><p>The main window is divided into the large key listing area consisting of several tabs, the menubar and the <a class="link" href="functions-search.html" title="Searching and Importing Certificates">search bar</a> on top, and a status bar at the bottom.</p><p>Each line in the key list corresponds to one certificate, identified by the so-called <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Subject <acronym class="acronym">DN</acronym></span></span>. <acronym class="acronym">DN</acronym> is an acronym for <span class="quote">“<span class="quote">Distinguished Name</span>”</span>, a hierarchical identifier, much like a file system path with an unusual syntax, that is supposed to globally uniquely identify a given certificate.</p><p>To be valid, and thus usable, (public) keys need to be signed by a <acronym class="acronym">CA</acronym> (Certification Authority). These signatures are called certificates, but usually the terms <span class="quote">“<span class="quote">certificate</span>”</span> and <span class="quote">“<span class="quote">(public) key</span>”</span> are used interchangeably, and we will not distinguish between them in this manual either, except when explicitly noted.</p><p><acronym class="acronym">CA</acronym>s must in turn be signed by other <acronym class="acronym">CA</acronym>s to be valid. Of course, this must end somewhere, so the top-level <acronym class="acronym">CA</acronym> (root-<acronym class="acronym">CA</acronym>) signs its key with itself (this is called a self-signature). Root certificates thus need to be assigned validity (commonly called trust) manually, <abbr class="abbrev">e.g.</abbr> after comparing the fingerprint with the one on the website of the <acronym class="acronym">CA</acronym>. This is typically done by the system administrator or the vendor of a product using certificates, but can be done by the user via <span class="application">GpgSM</span>'s command line interface.</p><p>To see which of the certificates are root certificates, you switch to the hierarchical keylist mode with <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a>.</p><p>You can see the details of any certificate by double-clicking it or using <a class="xref" href="menuview.html#view-certificate-details"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certificate Details</span></span></a>. This opens a dialog that shows the most common properties of the certificate, its certificate chain (<abbr class="abbrev">i.e.</abbr> the chain of issuers up to the root-<acronym class="acronym">CA</acronym>), and a dump of all information the backend is able to extract from the certificate.</p><p>If you change the keybox without using <span class="application">Kleopatra</span> (<abbr class="abbrev">e.g.</abbr> using <span class="application">GpgSM</span>'s command line interface), you can refresh the view with <a class="xref" href="menuview.html#view-redisplay"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Redisplay</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>F5</strong></span></strong></span>) </a>.</p></div><FILENAME filename="functions-search.html"><html><head><title>Searching and Importing Certificates</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="functions.html" title="Chapter 2. Main Functions"><link rel="prev" href="functions.html" title="Chapter 2. Main Functions"><link rel="next" href="functions-newkey.html" title="Creating New Key Pairs"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Searching and Importing Certificates</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions.html">Prev</a></td><td class="upCell">Main Functions</td><td class="nextCell"><a accesskey="n" href="functions-newkey.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="functions-search"></a>Searching and Importing Certificates</h2></div></div></div><p>Most of the time, you will acquire new certificates by verifying signatures in emails, since certificates are embedded in the signatures made using them most of the time. However, if you need to send a mail to someone you have not yet had contact with, you need to fetch the certificate from an <acronym class="acronym">LDAP</acronym> folder (although <a class="ulink" href="https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPGSM.html#Invoking-GPGSM" target="_top"> <span class="application">GpgSM</span></a> can do this automatically), or from a file. You also need to import your own certificate after receiving the <acronym class="acronym">CA</acronym> answer to your certification request.</p><p>To search for a certificate in an <acronym class="acronym">LDAP</acronym> directory, select <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Lookup Certificates on Server</span></span> and enter some text (<abbr class="abbrev">e.g.</abbr> the name of the person you want the certificate for) into the line edit of the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Keyserver Certificate Lookup</span></span> dialog, then click on the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Search</span></span> button. The results will be displayed in the key list below the search bar, where you can select certificates to look at them by clicking the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Details</span></span> button or download them with <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Import</span></span> into the local keybox.</p><p>You can configure the list of <acronym class="acronym">LDAP</acronym> servers to search in the <a class="link" href="configuration.html#configuration-directory-services" title="Configuring Directory Services"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Directory Services</span></span></a> page of <span class="application">Kleopatra</span>'s configure dialog.</p><p>If you received the certificate as a file, try <a class="xref" href="menu.html#file-import-certificates"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>) </a>. <span class="application">GpgSM</span> needs to understand the format of the certificate file; please refer to <span class="application">GpgSM</span>'s manual for a list of supported file formats.</p><p>If you did not <a class="link" href="functions-newkey.html" title="Creating New Key Pairs">create your keypair with <span class="application">GpgSM</span></a>, you also need to manually import the public key (as well as the secret key) from the PKCS#12 file you got from the <acronym class="acronym">CA</acronym>. You can do this on the command line with <a class="link" href="commandline-options.html#commandline-option-import-certificate"><strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kleopatra <span class="option"><code class="option">--import-certificate</code></span> <code class="filename">filename</code></strong></span></span></code></strong></a> or from within <span class="application">Kleopatra</span> with <a class="xref" href="menu.html#file-import-certificates"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>) </a>, just as you would to for <span class="quote">“<span class="quote">normal</span>”</span> certificates.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="functions-newkey.html">Next</a></td></tr><tr><td class="prevCell">Main Functions </td><td class="upCell">Main Functions</td><td class="nextCell"> Creating New Key Pairs</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="functions-newkey.html"><html><head><title>Creating New Key Pairs</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="functions.html" title="Chapter 2. Main Functions"><link rel="prev" href="functions-search.html" title="Searching and Importing Certificates"><link rel="next" href="menu.html" title="Chapter 3. Menu Reference"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Creating New Key Pairs</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-search.html">Prev</a></td><td class="upCell">Main Functions</td><td class="nextCell"><a accesskey="n" href="menu.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="functions-newkey"></a>Creating New Key Pairs</h2></div></div></div><p>The menu item <a class="xref" href="menu.html#file-new-key-pair"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">New Certificate...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>N</strong></span></strong></span>)</a> starts the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key Pair Creation Wizard</span></span> which will guide you through a number of steps to create a certificate request.</p><p>Whenever you are done with a step in the wizard, press <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Next</span></span> to go to the next step (or <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Back</span></span> to review steps that are already completed). The certificate request creation can be canceled at any time by pressing the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Cancel</span></span> button. </p><p>On the first page of the wizard choose which type of certificate you want to create:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Create a personal OpenPGP key pair</span></span></span></dt><dd><p><acronym class="acronym">OpenPGP</acronym> key pairs are created locally, and certified by your friends and acquaintances. There is no central certification authority; instead, every individual creates a personal Web Of Trust by certifying other user's key pairs with his own certificate.</p><p>You have to enter a <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Name</span></span>, <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">EMail</span></span> and optional a <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Comment</span></span>.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Create a personal X.509 key pair and certification request</span></span></span></dt><dd><p><acronym class="acronym">X.509</acronym> key pairs are created locally, but certified centrally by a certification authority (<acronym class="acronym">CA</acronym>). <acronym class="acronym">CA</acronym>s can certify other <acronym class="acronym">CA</acronym>s, creating a central, hierarchical chain of trust.</p><p>The next step in the wizard is to type in your personal data for the certificate. The fields to fill out are: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Common Name (CN):</span></span> Your name;</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Email address (EMAIL):</span></span> Your email address; be sure to type this in correctly—this will be the address people will be sending mail to when they use your certificate.</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Location (L):</span></span> The town or city in which you live;</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Organizational unit (OU):</span></span> The organizational unit you are in (for example, "Logistics");</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Organization (O):</span></span> The organization you represent (for example, the company you work for);</p></li><li class="listitem"><p><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Country code (C):</span></span> The two letter code for the country in which you are living (for example, "US");</p></li></ul></div><p> </p><p> The next step in the wizard is to select whether to store the certificate in a file or send it directly to a <acronym class="acronym">CA</acronym>. You will have to specify the filename or email address to send the certificate request to. </p></dd></dl></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="key-revoke"></a>Revoking a key</h3></div></div></div><p>A key pair that has expired can be brought back into an operational state as long as you have access to the private key and the passphrase. To reliably render a key unusable you need to revoke it. Revoking is done by adding a special revocation signature to the key.</p><p>This revocation signature is stored in a separate file. This file can later be imported into the keyring and is then attached to the key rendering it unusable. Please note that to import this signature to the key no password is required. Therefore you should store this revocation signature in a safe place, usually one that is different from you key pair. It is a good advise to use a place that is detached from your computer, either copy it to an external storage device like an USB stick or print it out.</p><p><span class="application">Kleopatra</span> does not provide a function to create such a revocation signature at any time, but you can do that with the <span class="orgname">KDE</span> application <span class="application">KGpg</span> by choosing <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Keys</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Revoke key</span></span> and optionally importing the revocation signature to your keyring immediately.</p><p>An alternative way of generating a revocation certificate is to use <span class="application">GPG</span> directly from the command line: <strong class="userinput"><code>gpg --output <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>revocation_certificate</code></em></span>.asc --gen-revoke <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>your_key</code></em></span></code></strong>. The argument <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>your_key</code></em></span> must be a key specifier, either the key ID of your primary keypair or any part of a user ID that identifies your keypair.</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-search.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menu.html">Next</a></td></tr><tr><td class="prevCell">Searching and Importing Certificates </td><td class="upCell">Main Functions</td><td class="nextCell"> Menu Reference</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="functions-search.html">Next</a></td></tr><tr><td class="prevCell">Introduction </td><td class="upCell"> </td><td class="nextCell"> Searching and Importing Certificates</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menu.html"><html><head><title>Chapter 3. Menu Reference</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="functions-newkey.html" title="Creating New Key Pairs"><link rel="next" href="menuview.html" title="View Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Menu Reference</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-newkey.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="menuview.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="menu"></a>Chapter 3. Menu Reference</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menufile"></a>File Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="file-new-key-pair"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">New Certificate...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>N</strong></span></strong></span>)</span></dt><dd><p><span class="action">Creates a new key pair (public and private)</span> and allows to send the public part to a certification authority (<acronym class="acronym">CA</acronym>) for signing. The resulting certificate is then sent back to you, or stored in an <acronym class="acronym">LDAP</acronym> server for you to download into your local keybox, where you can use it to sign and decrypt mails.</p><p>This mode of operation is called <span class="quote">“<span class="quote">decentralized key generation</span>”</span>, since all keys are created locally. <span class="application">Kleopatra</span> (and <span class="application">GpgSM</span>) do not support <span class="quote">“<span class="quote">centralized key generation</span>”</span> directly, but you can import the public/secret key bundle that you receive from the <acronym class="acronym">CA</acronym> in PKCS#12 format via <a class="xref" href="menu.html#file-import-certificates"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>) </a>.</p></dd><dt><a name="file-lookup-certificates"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Lookup Certificates on Server...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Shift</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Searches for, and imports, certificates from certificate servers into the local keybox.</span> See <a class="xref" href="functions-search.html" title="Searching and Importing Certificates">the section called “Searching and Importing Certificates”</a> for details. </p><p> You need to have key servers configured for this to work. See <a class="xref" href="configuration.html#configuration-directory-services" title="Configuring Directory Services">the section called “Configuring Directory Services”</a> for more details. </p></dd><dt><a name="file-import-certificates"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Imports certificates and/or secret keys from files into the local keybox.</span> See <a class="xref" href="functions-search.html" title="Searching and Importing Certificates">the section called “Searching and Importing Certificates”</a> for details. </p><p> The format of the certificate file must be supported by <span class="application">GpgSM</span>/<span class="application">GPG</span>. Please refer to the <span class="application">GpgSM</span> and <span class="application">GPG</span> manuals for a list of supported formats. </p></dd><dt><a name="file-export-certificates"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>E</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Exports the selected certificates to a file.</span> </p><p> The filename extension you choose for the export file name determines the format of the export file: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> For <acronym class="acronym">OpenPGP</acronym> certificates, <code class="filename">gpg</code> and <code class="filename">pgp</code> will result in a binary file, whereas <code class="filename">asc</code> will result in an <acronym class="acronym">ASCII</acronym>-armored file. </p></li><li class="listitem"><p> For <acronym class="acronym">S/MIME</acronym> certificates, <code class="filename">der</code> will result in a binary, <acronym class="acronym">DER</acronym>-encoded file, whereas <code class="filename">pem</code> will result in an <acronym class="acronym">ASCII</acronym>-armored file. </p></li></ul></div><p> Unless multiple certificates are selected, <span class="application">Kleopatra</span> will propose <code class="filename"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>fingerprint</code></em></span>.{asc,pem}</code> as the export file name. </p><p> This function is only available when one or more certificates have been selected. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> This function exports only the public keys, even if the secret key is available. Use <a class="xref" href="menu.html#file-export-secret-key"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Secret Keys...</span></span> </a> to export the secret keys into a file. </p></div></dd><dt><a name="file-export-secret-key"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Secret Keys...</span></span> </span></dt><dd><p> <span class="action">Exports the secret key to a file.</span> </p><p> In the dialog that opens, you can choose whether to create a binary or an <acronym class="acronym">ASCII</acronym>-armored export file (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">ASCII armor</span></span>). Next click on the folder icon at the right hand side of the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Output file</span></span> text box and select folder and name of the export file. When exporting <acronym class="acronym">S/MIME</acronym> secret keys, you can also choose the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Passphrase charset</span></span>. See the discussion of the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--p12-charset <span class="replaceable"><em class="replaceable"><code>charset</code></em></span></code></span> option in the <span class="application">GpgSM</span> manual for more details. </p><p> This function is only available when exactly one certificate has been selected, and the secret key for that certificate is available. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> It should rarely be necessary to use this function, and if it is, it should be carefully planned. Planning the migration of a secret key involves choice of transport media and secure deletion of the key data on the old machine, as well as on the transport medium, among other things. </p></div></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Export Certificates to Server...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Shift</strong></span>+<span class="keycap"><strong>E</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Publish the selected certificates on a keyserver</span> (<acronym class="acronym">OpenPGP</acronym> only). </p><p> The certificate is sent to the certificate server configured for <acronym class="acronym">OpenPGP</acronym> (cf. <a class="xref" href="configuration.html#configuration-directory-services" title="Configuring Directory Services">the section called “Configuring Directory Services”</a>), if that is set, otherwise to <code class="systemitem">keys.gnupg.net</code>. </p><p> This function is only available if at least one <acronym class="acronym">OpenPGP</acronym> (and no <acronym class="acronym">S/MIME</acronym>) certificates have been selected. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> When <acronym class="acronym">OpenPGP</acronym> certificates have been exported to a public directory server, it is nearly impossible to remove them again. Before exporting your certificate to a public directory server, make sure that you have created a revocation certificate so you can revoke the certificate if needed later. </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Most public <acronym class="acronym">OpenPGP</acronym> certificate servers synchronize certificates amongst each other, so there is little point in sending to more than one. </p><p> It can happen that a search on a certificate server turns up no results even though you just have sent your certificate there. This is because most public keyserver addresses use <acronym class="acronym">DNS</acronym> round-robin to balance the load over multiple machines. These machines synchronize with each other, but usually only every 24 hours or so. </p></div></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Decrypt/Verify Files...</span></span> </span></dt><dd><p> <span class="action">Decrypts files and/or verifies signatures</span> over files. </p></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Sign/Encrypt Files...</span></span> </span></dt><dd><p> <span class="action">Signs and/or encrypts files.</span> </p></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Close</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>W</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Closes <span class="application">Kleopatra</span>'s main window.</span> You can restore it from the system tray icon at any time. </p></dd><dt><a name="file-quit"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Quit</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Q</strong></span></strong></span>)</span></dt><dd><p><span class="action">Terminates <span class="application">Kleopatra</span>.</span></p></dd></dl></div></div><FILENAME filename="menuview.html"><html><head><title>View Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menu.html" title="Chapter 3. Menu Reference"><link rel="next" href="menucertificates.html" title="Certificates Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> View Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menu.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menucertificates.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menuview"></a>View Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="view-redisplay"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Redisplay</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>F5</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Refreshes the certificate list.</span> </p><p> Using this function is usually not necessary, as <span class="application">Kleopatra</span> monitors the file system for changes and automatically refreshes the certificate list when needed. </p></dd><dt><a name="view-stop-operation"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Stop Operation</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Esc</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Stops (cancels) all pending operations,</span> <abbr class="abbrev">e.g.</abbr> a search, keylisting, or a download. </p><p> This function is only available if at least one operation is active. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Due to backend limitations, sometimes operations will hang in such a way that this function won't be able to cancel them, right away, or at all. </p><p> In such cases, the only way to restore order is to kill <span class="application">SCDaemon</span>, <span class="application">DirMngr</span>, <span class="application">GpgSM</span> and <span class="application">GPG</span> processes, in that order, via the operating system tools (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>top</strong></span></span>, Task-Manager, <abbr class="abbrev">etc.</abbr>), until the operation get unblocked. </p></div></dd><dt><a name="view-certificate-details"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certificate Details</span></span></span></dt><dd><p><span class="action">Shows the details of the currently selected certificate.</span></p><p>This function is only available if exactly one certificate is selected.</p><p>This function is also available by double-clicking the corresponding item in the list view directly.</p></dd><dt><a name="view-hierarchical-key-list"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></span></dt><dd><p><span class="action"> Toggles between hierarchical and flat certificate list mode. </span></p><p>In hierarchical mode, certificates are arranged in issuer/subject relation, so it is easy to see which certification hierarchy a given certificate belongs to, but a given certificate is harder to find initially (though you can of course use the <a class="link" href="functions-search.html" title="Searching and Importing Certificates">search bar</a>).</p><p>In flat mode, all certificates are displayed in a flat list, sorted alphabetically. In this mode, a given certificate is easy to find, but it is not directly clear which root certificate it belongs to.</p><p> This function toggles hierarchical mode per tab, <abbr class="abbrev">i.e.</abbr> each tab has its own hierarchy state. This is so that you can have both a flat and a hierarchical listing at hand, each in its own tab. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Hierarchical display is currently only implemented for <acronym class="acronym">S/MIME</acronym> certificates. There is disagreement amongst the developers regarding the correct way to display <acronym class="acronym">OpenPGP</acronym> certificates hierarchically (basically, <span class="quote">“<span class="quote">parent = signer</span>”</span> or <span class="quote">“<span class="quote">parent = signee</span>”</span>). </p></div></dd><dt><a name="view-expand-all"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Expand All</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>.</strong></span></strong></span>)</span></dt><dd><p><span class="action">Expands all list items in the certificate list view,</span> <abbr class="abbrev">i.e.</abbr> makes all items visible.</p><p>This is the default when entering hierarchical keylist mode.</p><p>You can still expand and collapse each individual item by itself, of course.</p><p>This function is only available when <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a> is on.</p></dd><dt><a name="view-collapse-all"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Collapse All</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>,</strong></span></strong></span>)</span></dt><dd><p><span class="action">Collapses all list items in the certificate list view,</span> <abbr class="abbrev">i.e.</abbr> hides all but the top-level items.</p><p>You can still expand and collapse each individual item by itself, of course.</p><p>This function is only available when <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a> is on.</p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menu.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menucertificates.html">Next</a></td></tr><tr><td class="prevCell">Menu Reference </td><td class="upCell">Menu Reference</td><td class="nextCell"> Certificates Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menucertificates.html"><html><head><title>Certificates Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menuview.html" title="View Menu"><link rel="next" href="menutools.html" title="Tools Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Certificates Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuview.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menutools.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menucertificates"></a>Certificates Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="certificates-change-owner-trust"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Owner Trust...</span></span> </span></dt><dd><p> <span class="action">Changes the Owner Trust of the selected <acronym class="acronym">OpenPGP</acronym> certificate.</span> </p><p> This function is only available when exactly one <acronym class="acronym">OpenPGP</acronym> certificate is selected. </p></dd><dt><a name="certificates-trust-root"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Trust Root Certificate</span></span> </span></dt><dd><p> <span class="action">Marks this (<acronym class="acronym">S/MIME</acronym>) root certificate as trusted.</span> </p><p> In some ways, this is the equivalent of <a class="xref" href="menucertificates.html#certificates-change-owner-trust"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Owner Trust...</span></span> </a> for <acronym class="acronym">S/MIME</acronym> root certificates. You can, however, only choose between—in <acronym class="acronym">OpenPGP</acronym> terms—<span class="quote">“<span class="quote">ultimate</span>”</span> trust and <span class="quote">“<span class="quote">never trust</span>”</span>. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> The backend (by way of <span class="application">GpgAgent</span>) will ask at root certificate import time whether to trust the imported root certificate. However, that function must be explicitly enabled in the backend configuration (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">allow-mark-trusted</code></span> in <code class="filename">gpg-agent.conf</code>, or either <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">GnuPG System</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guisubmenu">GPG Agent</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Allow clients to mark keys as "trusted"</span></span> or <a class="link" href="configuration-smime-validation.html#configuration-smime-validation-allow-mark-trusted"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">S/MIME Validation</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Allow to mark root certificates as trusted</span></span></a> under <a class="xref" href="configuration.html" title="Chapter 5. Configuring Kleopatra">Chapter 5, <i>Configuring <span class="application">Kleopatra</span></i></a>). </p><p> Enabling that functionality in the backend can lead to popups from <span class="application">PinEntry</span> at inopportune times (<abbr class="abbrev">e.g.</abbr> when verifying signatures), and can thus block unattended email processing. For that reason, and because it is desirable to be able to <span class="emphasis"><em>distrust</em></span> a trusted root certificate again, <span class="application">Kleopatra</span> allows manual setting of trust. </p></div><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> Due to lack of backend support for this function, <span class="application">Kleopatra</span> needs to work directly on the <span class="application">GpgSM</span> trust database (<code class="filename">trustlist.txt</code>). When using this function, make sure no other crypto operations are in progress that could race with <span class="application">Kleopatra</span> for modifications to that database. </p></div><p> This function is only available when exactly one <acronym class="acronym">S/MIME</acronym> root certificate is selected, and that certificate is not yet trusted. </p><p> Use <a class="xref" href="menucertificates.html#certificates-distrust-root"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Distrust Root Certificate</span></span> </a> to undo this function. </p></dd><dt><a name="certificates-distrust-root"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Distrust Root Certificate</span></span> </span></dt><dd><p> <span class="action">Marks this (<acronym class="acronym">S/MIME</acronym>) root certificate as not trusted.</span> </p><p> This function is only available when exactly one <acronym class="acronym">S/MIME</acronym> root certificate is selected, and that certificate is currently trusted. </p><p> Used to undo <a class="xref" href="menucertificates.html#certificates-trust-root"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Trust Root Certificate</span></span> </a>. See there for details. </p></dd><dt><a name="certificates-certify"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Certify Certificate...</span></span> </span></dt><dd><p> <span class="action">Allows you to certify another <acronym class="acronym">OpenPGP</acronym> certificate.</span> </p><p> This function is only available if exactly one <acronym class="acronym">OpenPGP</acronym> certificate is selected. </p></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Expiry Date...</span></span> </span></dt><dd><p> <span class="action">Allows to change the expiry date of your <acronym class="acronym">OpenPGP</acronym> certificate.</span> </p><p> Use this function to extend the lifetime of your <acronym class="acronym">OpenPGP</acronym> certificates as an alternative to either creating a new one, or using unlimited lifetime (<span class="quote">“<span class="quote">never expires</span>”</span>). </p><p> This function is only available if exactly one <acronym class="acronym">OpenPGP</acronym> certificate is selected, and the secret key is available for that certificate. </p></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Change Passphrase...</span></span> </span></dt><dd><p> <span class="action">Allows to change the passphrase of your secret key.</span> </p><p> This function is only available if exactly one certificate is selected, and the secret key is available for that certificate. It requires a very recent backend, since we changed the implementation from direct calling of <span class="application">GPG</span> and <span class="application">GpgSM</span> to a <span class="application">GpgME</span>-based one. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> For security reasons, both the old as well as the new passphrase is asked for by <span class="application">PinEntry</span>, a separate process. Depending on the platform you are running on and on the quality of the <span class="application">PinEntry</span> implementation on that platform, it may happen that the <span class="application">PinEntry</span> window comes up in the background. So, if you select this function and nothing happens, check the operating system's task bar in case a <span class="application">PinEntry</span> window is open in the background. </p></div></dd><dt><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Add User-ID...</span></span> </span></dt><dd><p> <span class="action">Allows to add a new User-ID to your <acronym class="acronym">OpenPGP</acronym> certificate.</span> </p><p> Use this to add new identities to an existing certificate as an alternative to creating a new key pair. An <acronym class="acronym">OpenPGP</acronym> user-ID has the following form: </p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Real Name</code></em></span> [<span class="optional">(<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Comment</code></em></span>)</span>] <<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Email</code></em></span>></pre><p> In the dialog that comes up when you select this function, <span class="application">Kleopatra</span> will ask you for each of the three parameters (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Real Name</code></em></span>, <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Comment</code></em></span> and <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>Email</code></em></span>) separately, and display the result in a preview. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> These parameters are subject to the same Administrator restrictions as in new certificates. See <a class="xref" href="functions-newkey.html" title="Creating New Key Pairs">the section called “Creating New Key Pairs”</a> and <a class="xref" href="admin.html#admin-certificate-request-wizard" title="Customization of the Certificate-Creation Wizard">the section called “Customization of the Certificate-Creation Wizard”</a> for details. </p></div><p> This function is only available when exactly one <acronym class="acronym">OpenPGP</acronym> certificate is selected, and the secret key is available for that certificate. </p></dd><dt><a name="certificates-delete"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Delete</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Del</strong></span></strong></span>) </span></dt><dd><p> <span class="action">Deletes the selected certificates</span> from the local keyring. </p><p> Use this function to remove unused keys from your local keybox. However, since certificates are typically attached to signed emails, verifying an email might result in the key just removed to pop back into the local keybox. So it is probably best to avoid using this function as much as possible. When you are lost, use the <a class="link" href="functions-search.html" title="Searching and Importing Certificates">search bar</a> or the <a class="xref" href="menuview.html#view-hierarchical-key-list"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Hierarchical Certificate List</span></span></a> function to regain control over the lot of certificates. </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> There is one exception to the above: When you delete one of your own certificates, you delete the secret key along with it. This implies that you will not be able to read past communication encrypted to you using this certificate, unless you have a backup somewhere. </p><p> <span class="application">Kleopatra</span> will warn you when you attempt to delete a secret key. </p></div><p> Due to the hierarchical nature of <acronym class="acronym">S/MIME</acronym> certificates, if you delete an <acronym class="acronym">S/MIME</acronym> issuer certificate (<acronym class="acronym">CA</acronym> certificate), all subjects are deleted, too.<a href="#ftn.idm687" class="footnote" name="idm687"><sup class="footnote">[1]</sup></a> </p><p> Naturally, this function is only available if you selected at least one certificate. </p></dd><dt><a name="certificates-dump-certificate"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Dump Certificate</span></span> </span></dt><dd><p> <span class="action">Shows all information that <span class="application">GpgSM</span> has about the selected (<acronym class="acronym">S/MIME</acronym>) certificate.</span> </p><p> See the discussion about <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--dump-key <span class="replaceable"><em class="replaceable"><code>key</code></em></span></code></span> in the <span class="application">GpgSM</span> manual for details about the output. </p></dd></dl></div><div class="footnotes"><br><hr style="width:100; text-align:left;margin-left: 0"><div id="ftn.idm687" class="footnote"><p><a href="#idm687" class="para"><sup class="para">[1] </sup></a>This is the same as a filesystem: When you delete a folder, you delete all files and folders in it, too.</p></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuview.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menutools.html">Next</a></td></tr><tr><td class="prevCell">View Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Tools Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menutools.html"><html><head><title>Tools Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menucertificates.html" title="Certificates Menu"><link rel="next" href="menusettings.html" title="Settings Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Tools Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menucertificates.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menusettings.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menutools"></a>Tools Menu</h2></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="tools-gnupg-log-viewer"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">GnuPG Log Viewer...</span></span> </span></dt><dd><p> <span class="action">Starts <a class="ulink" href="help:/kwatchgnupg/index.html" target="_top"><span class="application">KWatchGnuPG</span></a></span>, a tool to present the debug output of <span class="application">GnuPG</span> applications. If signing, encryption, or verification mysteriously stop working, you might find out why by looking at the log. </p><p> This function is not available on <span class="trademark">Windows</span>®, since the underlying mechanisms are not implemented in the backend on that platform. </p></dd><dt><a name="certificates-refresh-openpgp"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh OpenPGP Certificates</span></span> </span></dt><dd><p> <span class="action">Refreshes all <acronym class="acronym">OpenPGP</acronym> certificates</span> by executing </p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpg <span class="option"><code class="option">--refresh-keys</code></span></strong></span></span></pre><p> After successful completion of the command, your local keystore will reflect the latest changes with respect to validity of <acronym class="acronym">OpenPGP</acronym> certificates. </p><p> See note under <a class="xref" href="menutools.html#certificates-refresh-x509"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span> </a> for some caveats. </p></dd><dt><a name="certificates-refresh-x509"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span> </span></dt><dd><p> <span class="action">Refreshes all <acronym class="acronym">S/MIME</acronym> certificates</span> by executing </p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpgsm <span class="option"><code class="option">-k</code></span> <span class="option"><code class="option">--with-validation</code></span> <span class="option"><code class="option">--force-crl-refresh</code></span> <span class="option"><code class="option">--enable-crl-checks</code></span></strong></span></span></pre><p> After successful completion of the command, your local keystore will reflect the latest changes with respect to validity of <acronym class="acronym">S/MIME</acronym> certificates. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Refreshing <acronym class="acronym">X.509</acronym> or <acronym class="acronym">OpenPGP</acronym> certificates implies downloading all certificates and <acronym class="acronym">CRL</acronym>s, to check if any of them have been revoked in the meantime. </p><p> This can put a severe strain on your own as well as other people's network connections, and can take up to an hour or more to complete, depending on your network connection, and the number of certificates to check. </p></div></dd><dt><a name="file-import-crls"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import CRL From File...</span></span> </span></dt><dd><p> <span class="action">Lets you manually import <acronym class="acronym">CRL</acronym>s from files.</span> </p><p> Normally, Certificate Revocation Lists (<acronym class="acronym">CRL</acronym>s) are handled transparently by the backend, but it can sometimes be useful to import a <acronym class="acronym">CRL</acronym> manually into the local <acronym class="acronym">CRL</acronym> cache. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> For <acronym class="acronym">CRL</acronym> import to work, the <span class="application">DirMngr</span> tool must be in the search <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">PATH</code></span>. If this menu item is disabled, you should contact the system administrator and ask them to install <span class="application">DirMngr</span>. </p></div></dd><dt><a name="crls-clear-crl-cache"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Clear CRL Cache</span></span></span></dt><dd><p><span class="action">Clears the <span class="application">GpgSM</span> <acronym class="acronym">CRL</acronym> cache.</span></p><p>You probably never need this. You can force a refresh of the <acronym class="acronym">CRL</acronym> cache by selecting all certificates and using <a class="xref" href="menutools.html#certificates-refresh-x509"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span> </a> instead.</p></dd><dt><a name="crls-dump-crl-cache"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Dump CRL Cache</span></span></span></dt><dd><p><span class="action">Shows the detailed contents of the <span class="application">GpgSM</span> <acronym class="acronym">CRL</acronym> cache.</span></p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menucertificates.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menusettings.html">Next</a></td></tr><tr><td class="prevCell">Certificates Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Settings Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menusettings.html"><html><head><title>Settings Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menutools.html" title="Tools Menu"><link rel="next" href="menuwindow.html" title="Window Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Settings Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menutools.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menuwindow.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menusettings"></a>Settings Menu</h2></div></div></div><p><span class="application">Kleopatra</span> has a default <span class="orgname">KDE</span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Settings</span></span> menu as described in the <a class="ulink" href="help:/fundamentals/menus.html#menus-settings" target="_top"><span class="orgname">KDE</span> Fundamentals</a> with one additional entry:</p><div class="variablelist"><dl class="variablelist"><dt><a name="settings-self-test"></a><span class="term"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Settings</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Perform Self-Test</span></span> </span></dt><dd><p> <span class="action">Performs a set of self-tests and presents their result.</span> </p><p> This is the same set of tests that is run at startup by default. If you disabled startup-time self-tests, you can re-enable them here. </p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menutools.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menuwindow.html">Next</a></td></tr><tr><td class="prevCell">Tools Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Window Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menuwindow.html"><html><head><title>Window Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menusettings.html" title="Settings Menu"><link rel="next" href="menuhelp.html" title="Help Menu"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Window Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menusettings.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="menuhelp.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menuwindow"></a>Window Menu</h2></div></div></div><p>The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Window</span></span> menu allows you to manage the tabs. Using the items in this menu you can rename a tab, add a new tab, duplicate the current tab, close the current tab, and move the current tab to the left or right.</p><p>By clicking with the <span class="mousebutton">right</span> mouse button click on a tab you open a context menu, where you can also select the same actions.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menusettings.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menuhelp.html">Next</a></td></tr><tr><td class="prevCell">Settings Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Help Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="menuhelp.html"><html><head><title>Help Menu</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="menu.html" title="Chapter 3. Menu Reference"><link rel="prev" href="menuwindow.html" title="Window Menu"><link rel="next" href="commandline-options.html" title="Chapter 4. Command Line Options Reference"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Help Menu</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuwindow.html">Prev</a></td><td class="upCell">Menu Reference</td><td class="nextCell"><a accesskey="n" href="commandline-options.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="menuhelp"></a>Help Menu</h2></div></div></div><p><span class="application">Kleopatra</span> has a default <span class="orgname">KDE</span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Help</span></span> menu as described in the <a class="ulink" href="help:/fundamentals/menus.html#menus-help" target="_top"><span class="orgname">KDE</span> Fundamentals</a>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuwindow.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="commandline-options.html">Next</a></td></tr><tr><td class="prevCell">Window Menu </td><td class="upCell">Menu Reference</td><td class="nextCell"> Command Line Options Reference</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="functions-newkey.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="menuview.html">Next</a></td></tr><tr><td class="prevCell">Creating New Key Pairs </td><td class="upCell"> </td><td class="nextCell"> View Menu</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="commandline-options.html"><html><head><title>Chapter 4. Command Line Options Reference</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="menuhelp.html" title="Help Menu"><link rel="next" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Command Line Options Reference</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuhelp.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="configuration.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="commandline-options"></a>Chapter 4. Command Line Options Reference</h1></div></div></div><p>Only the options specific to <span class="application">Kleopatra</span> are listed here. As with all <span class="orgname">KDE</span> applications, you can get a complete list of options by issuing the command <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>kleopatra <span class="option"><code class="option">--help</code></span></strong></span></span></code></strong>.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--uiserver-socket</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>argument</code></em></span></span></dt><dd><p>Location of the socket the ui server is listening on</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--daemon</code></span></span></dt><dd><p>Run UI server only, hide main window</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-p</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--openpgp</code></span></span></dt><dd><p>Use <acronym class="acronym">OpenPGP</acronym> for the following operation</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-c</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--cms</code></span></span></dt><dd><p>Use CMS (<acronym class="acronym">X.509</acronym>, S/<acronym class="acronym">MIME</acronym>) for the following operation</p></dd><dt><a name="commandline-option-import-certificate"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-i</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--import-certificate</code></span></span></dt><dd><p><span class="action">Specifies a file or <acronym class="acronym">URL</acronym> from which to import certificates (or secret keys) from.</span></p><p>This is the command line equivalent of <a class="xref" href="menu.html#file-import-certificates"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">File</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Import Certificates...</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>I</strong></span></strong></span>) </a>.</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-e</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--encrypt</code></span></span></dt><dd><p>Encrypt file(s)</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-s</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--sign</code></span></span></dt><dd><p>Sign file(s)</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-E</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--encrypt-sign</code></span></span></dt><dd><p>Encrypt and/or sign file(s). Same as <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--sign-encrypt</code></span>, do not use</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-d</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--decrypt</code></span></span></dt><dd><p>Decrypt file(s)</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-V</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--verify</code></span></span></dt><dd><p>Verify file/signature</p></dd><dt><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">-D</code></span> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="option"><code class="option">--decrypt-verify</code></span></span></dt><dd><p>Decrypt and/or verify file(s)</p></dd></dl></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="menuhelp.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration.html">Next</a></td></tr><tr><td class="prevCell">Help Menu </td><td class="upCell"> </td><td class="nextCell"> Configuring <span class="application">Kleopatra</span></td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration.html"><html><head><title>Chapter 5. Configuring Kleopatra</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="commandline-options.html" title="Chapter 4. Command Line Options Reference"><link rel="next" href="configuration-appearance.html" title="Configuring Appearance"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring <span class="application">Kleopatra</span></div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="commandline-options.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="configuration-appearance.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="configuration"></a>Chapter 5. Configuring <span class="application">Kleopatra</span></h1></div></div></div><p> <span class="application">Kleopatra</span>'s configure dialog can be accessed via <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Settings</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Configure <span class="application">Kleopatra</span>...</span></span> </p><p> Each of its pages is described in the sections below. </p><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-directory-services"></a>Configuring Directory Services</h2></div></div></div><p> On this page, you can configure which <acronym class="acronym">LDAP</acronym> servers to use for <acronym class="acronym">S/MIME</acronym> certificate searches, and which key servers to use for <acronym class="acronym">OpenPGP</acronym> certificate searches. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> This is simply a more user-friendly version of the same settings you also find in <a class="xref" href="configuration-gnupg-system.html" title="Configuring the GnuPG System">the section called “Configuring the <span class="application">GnuPG</span> System”</a>. Everything you can configure here, you can configure there, too. </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">A Note On Proxy Settings</h3><p> Proxy settings can be configured for <acronym class="acronym">HTTP</acronym> and <acronym class="acronym">LDAP</acronym> in <a class="xref" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation">the section called “Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation”</a>, but only for <span class="application">GpgSM</span>. For <span class="application">GPG</span>, due to the complexity of keyserver options in <span class="application">GPG</span> and lack of proper support for them in <span class="application">GpgConf</span>, you currently need to modify the config file <code class="filename">gpg.conf</code> directly. Please refer to the <span class="application">GPG</span> manual for details. <span class="application">Kleopatra</span> will preserve such settings, but does not yet allow to modify them in the <acronym class="acronym">GUI</acronym>. </p></div><p> The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Directory services</span></span> table shows which servers are currently configured. Double-click on a cell in the table to change parameters of existing server entries. </p><p> The meaning of the columns in the table is as follows: </p><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-directory-services-scheme"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Scheme</span></span></span></dt><dd><p> Determines the network protocol which is used to access the server. Often-used schemes include <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">ldap</span></span> (and its <acronym class="acronym">SSL</acronym>-secured sibling <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">ldaps</span></span>) for <acronym class="acronym">LDAP</acronym> servers (common protocol for <acronym class="acronym">S/MIME</acronym>; the only one supported by <span class="application">GpgSM</span>), and <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">hkp</span></span>, the Horowitz Keyserver Protocol, nowadays usually <acronym class="acronym">HTTP</acronym> Keyserver Protocol, a <acronym class="acronym">HTTP</acronym>-based protocol that virtually all public <acronym class="acronym">OpenPGP</acronym> keyservers support. </p><p> Please refer to the <span class="application">GPG</span> and <span class="application">GpgSM</span> manuals for a list of supported schemes. </p></dd><dt><a name="configuration-directory-services-server-name"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Name</span></span></span></dt><dd><p> The domain name of the server, <abbr class="abbrev">e.g.</abbr> <code class="systemitem">keys.gnupg.net</code>. </p></dd><dt><a name="configuration-directory-services-server-port"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Port</span></span></span></dt><dd><p> The network port the server is listening on. </p><p> This changes automatically to the default port when you change the <a class="xref" href="configuration.html#configuration-directory-services-scheme"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Scheme</span></span></a>, unless it was set to some non-standard port to begin with. If you changed the default port and cannot get it back, try setting <a class="xref" href="configuration.html#configuration-directory-services-scheme"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Scheme</span></span></a> to <strong class="userinput"><code>http</code></strong> and <a class="xref" href="configuration.html#configuration-directory-services-server-port"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Port</span></span></a> to <strong class="userinput"><code>80</code></strong> (the default for <acronym class="acronym">HTTP</acronym>), then take it from there. </p></dd><dt><a name="configuration-directory-services-base-dn"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Base DN</span></span></span></dt><dd><p> The Base-<acronym class="acronym">DN</acronym> (only for <acronym class="acronym">LDAP</acronym> and <acronym class="acronym">LDAPS</acronym>), <abbr class="abbrev">i.e.</abbr> the root of the <acronym class="acronym">LDAP</acronym> hierarchy to start from. This is often also called <span class="quote">“<span class="quote">search root</span>”</span> or <span class="quote">“<span class="quote">search base</span>”</span>. </p><p> It usually looks like <strong class="userinput"><code>c=de,o=Foo</code></strong>, given as part of the <acronym class="acronym">LDAP</acronym> <acronym class="acronym">URL</acronym>. </p></dd><dt><a name="configuration-directory-services-user-name"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">User Name</span></span></span></dt><dd><p> The user name, if any, to use for logging into the server. </p><p> This column is only shown if the option <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show user and password information</span></span> (below the table) is checked. </p></dd><dt><a name="configuration-directory-services-password"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Password</span></span></span></dt><dd><p> The password, if any, to use for logging into the server. </p><p> This column is only shown if the option <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show user and password information</span></span> (below the table) is checked. </p></dd><dt><a name="configuration-directory-services-x509"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">X.509</span></span></span></dt><dd><p> Check this column if this entry should be used for <acronym class="acronym">X.509</acronym> (<acronym class="acronym">S/MIME</acronym>) certificate searches. </p><p> Only <acronym class="acronym">LDAP</acronym> (and <acronym class="acronym">LDAPS</acronym>) servers are supported for <acronym class="acronym">S/MIME</acronym>. </p></dd><dt><a name="configuration-directory-services-openpgp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OpenPGP</span></span></span></dt><dd><p> Check this column if this entry should be used for <acronym class="acronym">OpenPGP</acronym> certificate searches. </p></dd></dl></div><p> You can configure as many <acronym class="acronym">S/MIME</acronym> (<acronym class="acronym">X.509</acronym>) servers as you want, but only one <acronym class="acronym">OpenPGP</acronym> server is allowed at any time. The <acronym class="acronym">GUI</acronym> will enforce this. </p><p> To add a new server, click on the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">New</span></span> button. This duplicates the selected entry, if any, or else inserts a default <acronym class="acronym">OpenPGP</acronym> server. Then you can set the <a class="xref" href="configuration.html#configuration-directory-services-server-name"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Name</span></span></a>, the <a class="xref" href="configuration.html#configuration-directory-services-server-port"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Server Port</span></span></a>, the <a class="xref" href="configuration.html#configuration-directory-services-base-dn"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Base DN</span></span></a>, and the usual <a class="xref" href="configuration.html#configuration-directory-services-password"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Password</span></span></a> and <a class="xref" href="configuration.html#configuration-directory-services-user-name"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">User Name</span></span></a>, both of which are only needed if the server requires authentication. </p><p> To directly insert an entry for <acronym class="acronym">X.509</acronym> certificates, use <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">New</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">X.509</span></span>; use <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">New</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">OpenPGP</span></span> for <acronym class="acronym">OpenPGP</acronym>. </p><p> To remove a server from the search list, select it in the list, then press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Delete</span></span> button. </p><p> To set the <acronym class="acronym">LDAP</acronym> timeout, <abbr class="abbrev">i.e.</abbr> the maximum time the backend will wait for a server to respond, simply use the corresponding input field labeled <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">LDAP timeout (minutes:seconds)</span></span>. </p><p> If one of your servers has a large database, so that even reasonable searches like <strong class="userinput"><code>Smith</code></strong> hit the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">maximum number of items returned by query</span></span>, you might want to increase this limit. You can find out easily if you hit the limit during a search, since a dialog box will pop up in that case, telling you that the results have been truncated. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Some servers may impose their own limits on the number of items returned from a query. In this case, increasing the limit here will not result in more returned items. </p></div></div><FILENAME filename="configuration-appearance.html"><html><head><title>Configuring Appearance</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="next" href="configuration-crypto-operations.html" title="Configuring Crypto Operations"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Appearance</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="configuration-crypto-operations.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-appearance"></a>Configuring Appearance</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-appearance-tooltips"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Tooltips</span></span></h3></div></div></div><p> In the main certificate list, <span class="application">Kleopatra</span> can show details about a certificate in a tooltip. The information displayed is the same as in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Overview</span></span> tab of the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Certificate Details</span></span> dialog. Tooltips, however, can be restricted to show only a subset of information for a less verbose experience. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key-ID</span></span> is <span class="emphasis"><em>always</em></span> shown. This is to ensure that tooltips for different certificates do, in fact, differ (this is especially important if only <a class="xref" href="configuration-appearance.html#tooltips-validity"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show validity</span></span></a> has been selected). </p></div><p> You can independently enable or disable the following information sets: </p><div class="variablelist"><dl class="variablelist"><dt><a name="tooltips-validity"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show validity</span></span></span></dt><dd><p> Shows information about the validity of a certificate: its current status, issuer-<acronym class="acronym">DN</acronym> (<acronym class="acronym">S/MIME</acronym> only), expiry dates (if any) and certificate usage flags. </p><p> Example: </p><pre class="programlisting">This certificate is currently valid. Issuer: CN=Test-ZS 7,O=Intevation GmbH,C=DE Validity: from 25.08.2009 10:42 through 19.10.2010 10:42 Certificate usage: Signing EMails and Files, Encrypting EMails and Files Key-ID: DC9D9E43</pre><p> </p></dd><dt><a name="tooltips-owner"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show owner information</span></span></span></dt><dd><p> Shows information about the owner of the certificate: subject-<acronym class="acronym">DN</acronym> (<acronym class="acronym">S/MIME</acronym> only), user-IDs (including emails addresses) and ownertrust (<acronym class="acronym">OpenPGP</acronym> only). </p><p> <acronym class="acronym">OpenPGP</acronym> example: </p><pre class="programlisting">User-ID: Gpg4winUserA <gpg4winusera@test.hq> Key-ID: C6BF6664 Ownertrust: ultimate</pre><p> <acronym class="acronym">S/MIME</acronym> example: </p><pre class="programlisting">Subject: CN=Gpg4winTestuserA,OU=Testlab,O=Gpg4win Project,C=DE a.k.a.: Gpg4winUserA@test.hq Key-ID: DC9D9E43</pre><p> </p></dd><dt><a name="tooltips-details"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Show technical details</span></span></span></dt><dd><p> Shows technical information about the certificate: serial number (<acronym class="acronym">S/MIME</acronym> only), type, fingerprint and storage location. </p><p> Example: </p><pre class="programlisting">Serial Number: 27 Certificate type: 1,024-bit RSA (secret certificate available) Key-ID: DC9D9E43 Fingerprint: 854F62EEEBB41BFDD3BE05D124971E09DC9D9E43 Stored: on this computer</pre><p> </p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-appearance-certificate-filters"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Certificate Categories</span></span></h3></div></div></div><p> <span class="application">Kleopatra</span> allows you to customize the appearance of certificates in the list view. This includes showing a small icon, but you can also influence the foreground (text) and background colors, as well as the font. </p><p> Each certificate category in the list is assigned a set of colors, an icon (optional) and a font in which certificates from that category are displayed. The category list also acts as a preview of the settings. Categories can be freely defined by the administrator or the power user, see <a class="xref" href="admin-key-filters.html" title="Creating and Editing Key Categories">the section called “Creating and Editing Key Categories”</a> in <a class="xref" href="admin.html" title="Chapter 6. Administrator's Guide">Chapter 6, <i>Administrator's Guide</i></a>. </p><p> To set or change the icon of a category, select it in the list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Icon...</span></span> button. The standard <span class="orgname">KDE</span> icon selection dialog will appear where you can select an existing icon from the <span class="orgname">KDE</span> collection, or load a custom one. </p><p> To remove an icon again, you need to press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Default Appearance</span></span> button. </p><p> To change the text (<abbr class="abbrev">i.e.</abbr> foreground) color of a category, select it in the list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Text Color...</span></span> button. The standard <span class="orgname">KDE</span> color selection dialog will appear where you can select an existing color or create a new one. </p><p> Changing the background color is done in the same way, just press <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Background Color...</span></span> instead. </p><p> To change the font, you basically have two options: </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p> Modify the standard font, used for all list views in <span class="orgname">KDE</span>. </p></li><li class="listitem"><p> Use a custom font. </p></li></ol></div><p> The first option has the advantage that the font will follow whichever style you choose <span class="orgname">KDE</span>-wide, whereas the latter gives you full control over the font to use. The choice is yours. </p><p> To use the modified standard font, select the category in the list, and check or uncheck the font modifiers <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Italic</span></span>, <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Bold</span></span>, and/or <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Strikeout</span></span>. You can immediately see the effect on the font in the category list. </p><p> To use a custom font, press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Set Font...</span></span> button. The standard <span class="orgname">KDE</span> font selection dialog will appear where you can select the new font. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> You can still use the font modifiers to change the custom font, just as for modifying the standard font. </p></div><p> To switch back to the standard font, you need to press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Default Appearance</span></span> button. </p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-dn-order"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">DN-Attribute Order</span></span></h3></div></div></div><p>Although <acronym class="acronym">DN</acronym>s are hierarchical, the order of the individual components (called relative <acronym class="acronym">DN</acronym>s (RDNs), or <acronym class="acronym">DN</acronym> attributes) is not defined. The order in which the attributes are shown is thus a matter of personal taste or company policy, which is why it is configurable in <span class="application">Kleopatra</span>.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>This setting does not only apply to <span class="application">Kleopatra</span>, but to all applications using <span class="application">Kleopatra</span> Technology. At the time of this writing, these include <span class="application">KMail</span>, <span class="application">KAddressBook</span>, as well as <span class="application">Kleopatra</span> itself, of course.</p></div><p>This configuration page basically consists of two lists, one for the known attributes (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Available attributes</span></span>), and one describing the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span>.</p><p>Both lists contain entries described by the short form of the attribute (<abbr class="abbrev">e.g.</abbr> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">CN</span></span>) as well as the spelled-out form (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Common Name</span></span>).</p><p>The <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Available attributes</span></span> list is always sorted alphabetically, while the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list's order reflects the configured <acronym class="acronym">DN</acronym> attribute order: the first attribute in the list is also the one displayed first.</p><p>Only attributes explicitly listed in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list are displayed at all. The rest is hidden by default.</p><p>However, if the placeholder entry <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">_X_</span></span> (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">All others</span></span>) is in the <span class="quote">“<span class="quote">current</span>”</span> list, all unlisted attributes (whether known or not), are inserted at the point of <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">_X_</span></span>, in their original relative order.</p><p>A small example will help to make this more clear:</p><div class="informalexample"><p>Given the <acronym class="acronym">DN</acronym></p><div class="blockquote"><blockquote class="blockquote"><p> O=<span class="orgname">KDE</span>, C=US, CN=Dave Devel, X-BAR=foo, OU=<span class="application">Kleopatra</span>, X-FOO=bar, </p></blockquote></div><p>the default attribute order of <span class="quote">“<span class="quote">CN, L, _X_, OU, O, C</span>”</span> will produce the following formatted <acronym class="acronym">DN</acronym>:</p><div class="blockquote"><blockquote class="blockquote"><p> CN=Dave Devel, X-BAR=foo, X-FOO=bar, OU=<span class="application">Kleopatra</span>, O=<span class="orgname">KDE</span>, C=US </p></blockquote></div><p>while <span class="quote">“<span class="quote">CN, L, OU, O, C</span>”</span> will produce</p><div class="blockquote"><blockquote class="blockquote"><p> CN=Dave Devel, OU=<span class="application">Kleopatra</span>, O=<span class="orgname">KDE</span>, C=US </p></blockquote></div></div><p>To add an attribute to the display order list, select it in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Available attributes</span></span> list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Add to current attribute order</span></span> button.</p><p>To remove an attribute from the display order list, select it in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Remove from current attribute order</span></span> button.</p><p>To move an attribute to the beginning (end), select it in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move to top</span></span> (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move to bottom</span></span>) button.</p><p>To move an attribute up (down) one slot only, select it in the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Current attribute order</span></span> list, and press the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move one up</span></span> (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Move one down</span></span>) button.</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-crypto-operations.html">Next</a></td></tr><tr><td class="prevCell">Configuring <span class="application">Kleopatra</span> </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Configuring Crypto Operations</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration-crypto-operations.html"><html><head><title>Configuring Crypto Operations</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration-appearance.html" title="Configuring Appearance"><link rel="next" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Crypto Operations</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-appearance.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="configuration-smime-validation.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-crypto-operations"></a>Configuring Crypto Operations</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-crypto-operations-email"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">EMail Operations</span></span></h3></div></div></div><p> Here you can configure some aspects of the email operations of <span class="application">Kleopatra</span>'s UiServer. Currently, you can only configure whether or not to use <span class="quote">“<span class="quote">Quick Mode</span>”</span> for signing and encrypting emails, individually. </p><p> When <span class="quote">“<span class="quote">Quick Mode</span>”</span> is enabled, no dialog is shown when signing (encrypting) emails, respectively, unless there is a conflict that needs manual resolution. </p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-crypto-operations-file"></a>Configuring <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">File Operations</span></span></h3></div></div></div><p> Here you can configure some aspects of the file operations of <span class="application">Kleopatra</span>'s UiServer. Currently, you can only choose the checksum program to use for <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>CHECKSUM_CREATE_FILES</strong></span></span>. </p><p> Use <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Checksum program to use</span></span> to choose which of the configured checksum programs should be used when creating checksum files. </p><p> When verifying checksums, the program to use is automatically found, based on the names of the checksum files found. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> The administrator and power user can completely define which checksum programs to make available to <span class="application">Kleopatra</span> through so-called <span class="quote">“<span class="quote">Checksum Definitions</span>”</span> in the config file. See <a class="xref" href="admin-checksum-definitions.html" title="Configuring Checksum Programs for Use with Create/Verify Checksums">the section called “Configuring Checksum Programs for Use with Create/Verify Checksums”</a> in <a class="xref" href="admin.html" title="Chapter 6. Administrator's Guide">Chapter 6, <i>Administrator's Guide</i></a> for details. </p></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-appearance.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-smime-validation.html">Next</a></td></tr><tr><td class="prevCell">Configuring Appearance </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration-smime-validation.html"><html><head><title>Configuring aspects of S/MIME Validation</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration-crypto-operations.html" title="Configuring Crypto Operations"><link rel="next" href="configuration-gnupg-system.html" title="Configuring the GnuPG System"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-crypto-operations.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="configuration-gnupg-system.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-smime-validation"></a>Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation</h2></div></div></div><p> On this page, you can configure certain aspects of the validation of <acronym class="acronym">S/MIME</acronym> certificates. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> For the most part, this is simply a more user-friendly version of the same settings you also find in <a class="xref" href="configuration-gnupg-system.html" title="Configuring the GnuPG System">the section called “Configuring the <span class="application">GnuPG</span> System”</a>. Everything you can configure here, you can configure there, too, with the exception of <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-refresh-interval"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Check certificate validity every <span class="replaceable"><em class="replaceable"><code>N</code></em></span> hours</span></span></a>, which is <span class="application">Kleopatra</span>-specific. </p></div><p> The meaning of the options is as follows: </p><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-interval-checking"></a>Configuring interval certificate checking</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-refresh-interval"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Check certificate validity every <span class="replaceable"><em class="replaceable"><code>N</code></em></span> hours</span></span></span></dt><dd><p> This option enables interval checking of certificate validity. You can also choose the checking interval (in hours). The effect of interval checking is the same as <a class="xref" href="menuview.html#view-redisplay"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">View</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Redisplay</span></span> (<span class="shortcut"><strong><span class="keycap"><strong>F5</strong></span></strong></span>) </a>; there is no provision for interval scheduling of <a class="xref" href="menutools.html#certificates-refresh-openpgp"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh OpenPGP Certificates</span></span> </a> or <a class="xref" href="menutools.html#certificates-refresh-x509"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span> </a>. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Validation is performed implicitly whenever significant files in <code class="filename">~/.gnupg</code> change. This option, just like <a class="xref" href="menutools.html#certificates-refresh-openpgp"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh OpenPGP Certificates</span></span> </a> and <a class="xref" href="menutools.html#certificates-refresh-x509"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Tools</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Refresh X.509 Certificates</span></span> </a>, therefore only affects external factors of certificate validity. </p></div></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-method"></a>Configuring validation method</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-use-crls"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates using CRLs</span></span></span></dt><dd><p> If this option is selected, <acronym class="acronym">S/MIME</acronym> certificates are validated using Certificate Revocation Lists (<acronym class="acronym">CRL</acronym>s). </p><p> See <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-use-ocsp"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates online (OCSP)</span></span></a> for alternative method of certificate validity checking. </p></dd><dt><a name="configuration-smime-validation-use-ocsp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates online (OCSP)</span></span></span></dt><dd><p> If this option is selected, <acronym class="acronym">S/MIME</acronym> certificates are validated online using the Online Certificates Status Protocol (<acronym class="acronym">OCSP</acronym>). </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> When choosing this method, a request is sent to the server of the <acronym class="acronym">CA</acronym> more or less each time you send or receive a cryptographic message, thus theoretically allowing the certificate issuing agency to track whom you exchange (<abbr class="abbrev">e.g.</abbr>) mails with. </p></div><p> To use this method, you need to enter the <acronym class="acronym">URL</acronym> of the <acronym class="acronym">OCSP</acronym> responder into <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-ocsp-url"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OCSP responder URL</span></span></a>. </p><p> See <a class="xref" href="configuration-smime-validation.html#configuration-smime-validation-use-ocsp"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Validate certificates online (OCSP)</span></span></a> for a more traditional method of certificate validity checking that does not leak information about whom you exchange messages with. </p></dd><dt><a name="configuration-smime-validation-ocsp-url"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OCSP responder URL</span></span></span></dt><dd><p> Enter here the address of the server for online validation of certificates (<acronym class="acronym">OCSP</acronym> responder). The <acronym class="acronym">URL</acronym> usually starts with <code class="literal">http://</code>. </p></dd><dt><a name="configuration-smime-validation-ocsp-signature"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">OCSP responder signature</span></span></span></dt><dd><p> Choose here the certificate with which the <acronym class="acronym">OCSP</acronym> server signs its replies. </p></dd><dt><a name="configuration-smime-validation-ocsp-ignore-service-url"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Ignore service URL of certificates</span></span></span></dt><dd><p> Each <acronym class="acronym">S/MIME</acronym> certificate usually contains the <acronym class="acronym">URL</acronym> of its issuer's <acronym class="acronym">OCSP</acronym> responder (<a class="xref" href="menucertificates.html#certificates-dump-certificate"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Dump Certificate</span></span> </a> will reveal whether a given certificate contains it). </p><p> Checking this option makes <span class="application">GpgSM</span> ignore those <acronym class="acronym">URL</acronym>s and only use the one configured above. </p><p> Use this to <abbr class="abbrev">e.g.</abbr> enforce use of a company-wide <acronym class="acronym">OCSP</acronym> proxy. </p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-options"></a>Configuring validation options</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-dont-check-cert-policy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Do not check certificate policies</span></span></span></dt><dd><p> By default, <span class="application">GpgSM</span> uses the file <code class="filename">~/.gnupg/policies.txt</code> to check if a certificate policy is allowed. If this option is selected, policies are not checked. </p></dd><dt><a name="configuration-smime-validation-never-consult-crl"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Never consult a CRL</span></span></span></dt><dd><p> If this option is checked, Certificate Revocation Lists are never used to validate <acronym class="acronym">S/MIME</acronym> certificates. </p></dd><dt><a name="configuration-smime-validation-allow-mark-trusted"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Allow to mark root certificates as trusted</span></span></span></dt><dd><p> If this option is checked while a root <acronym class="acronym">CA</acronym> certificate is being imported, you will be asked to confirm its fingerprint and to state whether or not you consider this root certificate to be trusted. </p><p> A root certificate needs to be trusted before the certificates it certified become trusted, but lightly allowing trusted root certificates into your certificate store will undermine the security of the system. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Enabling this functionality in the backend can lead to popups from <span class="application">PinEntry</span> at inopportune times (<abbr class="abbrev">e.g.</abbr> when verifying signatures), and can thus block unattended email processing. For that reason, and because it is desirable to be able to <span class="emphasis"><em>distrust</em></span> a trusted root certificate again, <span class="application">Kleopatra</span> allows manual setting of trust using <a class="xref" href="menucertificates.html#certificates-trust-root"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Trust Root Certificate</span></span> </a> and <a class="xref" href="menucertificates.html#certificates-distrust-root"> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenu">Certificates</span></span> → <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guimenuitem">Distrust Root Certificate</span></span> </a>. </p><p> This setting here does not influence the <span class="application">Kleopatra</span> function. </p></div></dd><dt><a name="configuration-smime-validation-fetch-missing-issuers"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Fetch missing issuer certificates</span></span></span></dt><dd><p> If this option is checked, missing issuer certificates are fetched when necessary (this applies to both validation methods, <acronym class="acronym">CRL</acronym>s and <acronym class="acronym">OCSP</acronym>). </p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-http-options"></a>Configuring <acronym class="acronym">HTTP</acronym> request options</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-disable-http"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Do not perform any HTTP requests</span></span></span></dt><dd><p> Entirely disables the use of <acronym class="acronym">HTTP</acronym> for <acronym class="acronym">S/MIME</acronym>. </p></dd><dt><a name="configuration-smime-validation-ignore-http-dp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Ignore HTTP CRL distribution point of certificates</span></span></span></dt><dd><p> When looking for the location of a <acronym class="acronym">CRL</acronym>, the to-be-tested certificate usually contains what are known as <span class="quote">“<span class="quote"><acronym class="acronym">CRL</acronym> Distribution Point</span>”</span> (<acronym class="acronym">DP</acronym>) entries, which are <acronym class="acronym">URL</acronym>s describing the way to access the <acronym class="acronym">CRL</acronym>. The first-found <acronym class="acronym">DP</acronym> entry is used. </p><p> With this option, all entries using the <acronym class="acronym">HTTP</acronym> scheme are ignored when looking for a suitable <acronym class="acronym">DP</acronym>. </p></dd><dt><a name="configuration-smime-validation-honor-http-proxy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Use system HTTP proxy</span></span></span></dt><dd><p> If this option is selected, the value of the <acronym class="acronym">HTTP</acronym> proxy shown on the right (which comes from the environment variable <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">http_proxy</code></span>) will be used for any <acronym class="acronym">HTTP</acronym> request. </p></dd><dt><a name="configuration-smime-validation-custom-http-proxy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Use this proxy for HTTP requests</span></span></span></dt><dd><p> If no system proxy is set, or you need to use a different proxy for <span class="application">GpgSM</span>, you can enter its location here. </p><p> It will be used for all <acronym class="acronym">HTTP</acronym> requests relating to S/<acronym class="acronym">MIME</acronym>. </p><p> The syntax is <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span><code class="literal">:</code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span></code></strong>, <abbr class="abbrev">e.g.</abbr> <strong class="userinput"><code>myproxy.nowhere.com:3128</code></strong>. </p></dd></dl></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="configuration-smime-validation-ldap-options"></a>Configuring <acronym class="acronym">LDAP</acronym> request options</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><a name="configuration-smime-validation-disable-ldap"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Do not perform any LDAP requests</span></span></span></dt><dd><p> Entirely disables the use of <acronym class="acronym">LDAP</acronym> for <acronym class="acronym">S/MIME</acronym>. </p></dd><dt><a name="configuration-smime-validation-ignore-ldap-dp"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Ignore LDAP CRL distribution point of certificates</span></span></span></dt><dd><p> When looking for the location of a <acronym class="acronym">CRL</acronym>, the to-be-tested certificate usually contains what are known as "<acronym class="acronym">CRL</acronym> Distribution Point" (<acronym class="acronym">DP</acronym>) entries, which are <acronym class="acronym">URL</acronym>s describing the way to access the <acronym class="acronym">CRL</acronym>. The first found <acronym class="acronym">DP</acronym> entry is used. </p><p> With this option, all entries using the <acronym class="acronym">LDAP</acronym> scheme are ignored when looking for a suitable <acronym class="acronym">DP</acronym>. </p></dd><dt><a name="configuration-smime-validation-custom-ldap-proxy"></a><span class="term"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Primary host for LDAP requests</span></span></span></dt><dd><p> Entering an <acronym class="acronym">LDAP</acronym> server here will make all <acronym class="acronym">LDAP</acronym> requests go to that server first. More precisely, this setting overrides any specified <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span> and <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span> part in an <acronym class="acronym">LDAP</acronym> <acronym class="acronym">URL</acronym> and will also be used if <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span> and <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span> have been omitted from the <acronym class="acronym">URL</acronym>. </p><p> Other <acronym class="acronym">LDAP</acronym> servers will be used only if the connection to the <span class="quote">“<span class="quote">proxy</span>”</span> failed. The syntax is <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span></code></strong> or <strong class="userinput"><code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>host</code></em></span><code class="literal">:</code><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span></code></strong>. If <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>port</code></em></span> is omitted, port 389 (standard <acronym class="acronym">LDAP</acronym> port) is used. </p></dd></dl></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-crypto-operations.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-gnupg-system.html">Next</a></td></tr><tr><td class="prevCell">Configuring Crypto Operations </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Configuring the <span class="application">GnuPG</span> System</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="configuration-gnupg-system.html"><html><head><title>Configuring the GnuPG System</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="configuration.html" title="Chapter 5. Configuring Kleopatra"><link rel="prev" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation"><link rel="next" href="admin.html" title="Chapter 6. Administrator's Guide"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring the <span class="application">GnuPG</span> System</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-smime-validation.html">Prev</a></td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"><a accesskey="n" href="admin.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configuration-gnupg-system"></a>Configuring the <span class="application">GnuPG</span> System</h2></div></div></div><p> This part of the dialog is auto-generated from the output of <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpgconf <span class="option"><code class="option">--list-components</code></span></strong></span></span> and, for each <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>component</code></em></span> that the above command returns, the output of <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>gpgconf <span class="option"><code class="option">--list-options</code></span> <span class="replaceable"><em class="replaceable"><code>component</code></em></span></strong></span></span>. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> The most useful of these options have been duplicated as separate pages in the <span class="application">Kleopatra</span> config dialog. See <a class="xref" href="configuration.html#configuration-directory-services" title="Configuring Directory Services">the section called “Configuring Directory Services”</a> and <a class="xref" href="configuration-smime-validation.html" title="Configuring aspects of S/MIME Validation">the section called “Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation”</a> for the two dialog pages which contain selected options from this part of the dialog. </p></div><p> The exact content of this part of the dialog depends on the version of the <span class="application">GnuPG</span> backend you have installed and, potentially, the platform you run on. Thus, we will only discuss the general layout of the dialog, including the mapping from <span class="application">GpgConf</span> option to <span class="application">Kleopatra</span> <acronym class="acronym">GUI</acronym> control. </p><p> <span class="application">GpgConf</span> returns configuration information for multiple components. Inside each component, individual options are combined into groups. </p><p> <span class="application">Kleopatra</span> displays one tab per component reported by <span class="application">GpgConf</span>; groups are headed by a horizontal line displaying the group name as returned from <span class="application">GpgConf</span>. </p><p> Each <span class="application">GpgConf</span> option has a type. Except for certain well-known options which <span class="application">Kleopatra</span> backs with specialised controls for a better user experience, the mapping between <span class="application">GpgConf</span> types and <span class="application">Kleopatra</span> controls is as follows: </p><div class="table"><a name="table-gpgconf-types"></a><p class="title"><b>Table 5.1. Mapping From <span class="application">GpgConf</span> Types To <acronym class="acronym">GUI</acronym> Controls</b></p><div class="table-contents"><table class="table" summary="Mapping From GpgConf Types To GUI Controls" border="1"><colgroup><col class="type"><col align="center" class="lists"><col align="center" class="non-lists"></colgroup><thead><tr><th rowspan="2"><span class="application">GpgConf</span> type</th><th colspan="2" align="center"><span class="application">Kleopatra</span> control</th></tr><tr><th align="center">for lists</th><th align="center">for non-lists</th></tr></thead><tbody><tr><td><code class="literal">none</code></td><td align="center">Spinbox (<span class="quote">“<span class="quote">count</span>”</span>-semantics)</td><td align="center">Checkbox</td></tr><tr><td><code class="literal">string</code></td><td align="center"><acronym class="acronym">N/A</acronym></td><td align="center">Lineedit</td></tr><tr><td><code class="literal">int32</code></td><td rowspan="2" align="center">Lineedit (unformatted)</td><td rowspan="2" align="center">Spinbox</td></tr><tr><td><code class="literal">uint32</code></td></tr><tr><td><code class="literal">pathname</code></td><td align="center"><acronym class="acronym">N/A</acronym></td><td align="center">specialised control</td></tr><tr><td><code class="literal">ldap server</code></td><td align="center">specialised control</td><td align="center"><acronym class="acronym">N/A</acronym></td></tr><tr><td><code class="literal">key fingerprint</code></td><td rowspan="4" colspan="2" align="center"><acronym class="acronym">N/A</acronym></td></tr><tr><td><code class="literal">pub key</code></td></tr><tr><td><code class="literal">sec key</code></td></tr><tr><td><code class="literal">alias list</code></td></tr></tbody></table></div></div><br class="table-break"><p> See the <span class="application">GpgConf</span> manual for more information about what you can configure here, and how. </p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-smime-validation.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin.html">Next</a></td></tr><tr><td class="prevCell">Configuring aspects of S/<acronym class="acronym">MIME</acronym> Validation </td><td class="upCell">Configuring <span class="application">Kleopatra</span></td><td class="nextCell"> Administrator's Guide</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="commandline-options.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="configuration-appearance.html">Next</a></td></tr><tr><td class="prevCell">Command Line Options Reference </td><td class="upCell"> </td><td class="nextCell"> Configuring Appearance</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="admin.html"><html><head><title>Chapter 6. Administrator's Guide</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="configuration-gnupg-system.html" title="Configuring the GnuPG System"><link rel="next" href="admin-key-filters.html" title="Creating and Editing Key Categories"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Administrator's Guide</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-gnupg-system.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="admin-key-filters.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="admin"></a>Chapter 6. Administrator's Guide</h1></div></div></div><p>This Administrator's Guide describes ways to customize <span class="application">Kleopatra</span> that are not accessible via the <acronym class="acronym">GUI</acronym>, but only via config files.</p><p>It is assumed that the reader is familiar with the technology used for <span class="orgname">KDE</span> application configuration, including layout, file system location and cascading of <span class="orgname">KDE</span> config files, as well as the KIOSK framework.</p><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-certificate-request-wizard"></a>Customization of the Certificate-Creation Wizard</h2></div></div></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="admin-certificate-request-wizard-dn"></a>Customizing the <acronym class="acronym">DN</acronym> fields</h3></div></div></div><p><span class="application">Kleopatra</span> allows you to customize the fields that the user is allowed to enter in order to create their certificate.</p><p>Create a group called <code class="literal">CertificateCreationWizard</code> in the system-wide <code class="filename">kleopatrarc</code>. If you want a custom order of attributes or if you only want certain items to appear, create a key called <code class="varname">DNAttributeOrder</code>. The argument is one or more of <code class="varname">CN,SN,GN,L,T,OU,O,PC,C,SP,DC,BC,EMAIL</code> If you want to initialize fields with a certain value, write something like Attribute=value. If you want the attribute to be treated as a required one, append an exclamation mark (e.g. <code class="varname">CN!,L,OU,O!,C!,EMAIL!</code>, which happens to be the default configuration).</p><p> Using the <acronym class="acronym">KIOSK</acronym> mode modifier <code class="varname">$e</code> allows to retrieve the values from environment variables or from an evaluated script or binary. If you want to disallow editing of the respective field in addition, use the modifier <code class="varname">$i</code>. If you want to disallow the use <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guibutton">Insert My Address</span></span> button, set <code class="varname">ShowSetWhoAmI</code> to false.</p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Tip</h3><p> Due to the nature of the <span class="orgname">KDE</span> <acronym class="acronym">KIOSK</acronym> framework, using the immutable flag (<code class="varname">$i</code>) makes it impossible for the user to override the flag. This is intended behavior. <code class="varname">$i</code> and <code class="varname">$e</code> can be used with all other config keys in <span class="orgname">KDE</span> applications as well.</p></div><p>The following example outlines possible customizations:</p><p> </p><pre class="programlisting"> [CertificateCreationWizard] ;Disallow to copy personal data from the addressbook, do not allow local override ShowSetWhoAmI[$i]=false ;sets the user name to $USER CN[$e]=$USER ;sets the company name to "My Company", disallows editing O[$i]=My Company ;sets the department name to a value returned by a script OU[$ei]=$(lookup_dept_from_ip) ; sets country to DE, but allows for changes by the user C=DE </pre><p> </p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="admin-certificate-request-wizard-keys"></a>Restricting the Types of Keys a User is Allowed to Create</h3></div></div></div><p> <span class="application">Kleopatra</span> also allows to restrict which type of certificates a user is allowed to create. Note, however, that an easy way around these restrictions is to just create one on the command line. </p><div class="sect3"><div class="titlepage"><div><div><h4 class="title"><a name="admin-certificate-request-wizard-keys-type"></a>Public Key Algorithms</h4></div></div></div><p> To restrict the public key algorithm to use, add the config key <code class="varname">PGPKeyType</code> (and <code class="varname">CMSKeyType</code>, but only <acronym class="acronym">RSA</acronym> is supported for <acronym class="acronym">CMS</acronym> anyway) to the <code class="literal">CertificateCreationWizard</code> section of <code class="filename">kleopatrarc</code>. </p><p> The allowed values are <code class="literal">RSA</code> for <acronym class="acronym">RSA</acronym> keys, <code class="literal">DAS</code> for <acronym class="acronym">DSA</acronym> (sign-only) keys, and <code class="literal">DSA+ELG</code> for a <acronym class="acronym">DSA</acronym> (sign-only) key with an Elgamal subkey for encryption. </p><p> The default is read from <span class="application">GpgConf</span> or else <code class="literal">RSA</code> if <span class="application">GpgConf</span> doesn't provide a default. </p></div><div class="sect3"><div class="titlepage"><div><div><h4 class="title"><a name="admin-certificate-request-wizard-keys-size"></a>Public Key Size</h4></div></div></div><p> To restrict the available keys sizes for a public algorithm, add the config key <code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code><ALG></code></em></span>KeySizes</code> (where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ALG</code></em></span> may be <code class="literal">RSA</code>, <code class="literal">DSA</code> or <code class="literal">ELG</code>) to the <code class="literal">CertificateCreationWizard</code> section of <code class="filename">kleopatrarc</code>, containing a comma-separated list of keysizes (in bits). A default may be indicated by prefixing the keysize with a hyphen (<code class="literal">-</code>). </p><p> </p><pre class="programlisting"> RSAKeySizes = 1536,-2048,3072 </pre><p> </p><p> The above would restrict allowed <acronym class="acronym">RSA</acronym> key sizes to 1536, 2048 and 3072, with 2048 the default. </p><p> In addition to the sizes themselves, you may also specify labels for each of the sizes. Simply set the config key <code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ALG</code></em></span>KeySizeLabels</code> to a comma-separated list of labels. </p><p> </p><pre class="programlisting"> RSAKeySizeLabels = weak,normal,strong </pre><p> </p><p> The above, in connection with the previous example, would print something like the following options for selection: </p><pre class="programlisting"> weak (1536 bits) normal (2048 bits) strong (3072 bits) </pre><p> </p><p> The defaults are as if the following was in effect: </p><pre class="programlisting"> RSAKeySizes = 1536,-2048,3072,4096 RSAKeySizeLabels = DSAKeySizes = -1024,2048 DSAKeySizeLabels = v1,v2 ELGKeySizes = 1536,-2048,3072,4096 </pre><p> </p></div></div></div><FILENAME filename="admin-key-filters.html"><html><head><title>Creating and Editing Key Categories</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="prev" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="next" href="admin-archive-definitions.html" title="Configuring Archivers for Use with Sign/Encrypt Files"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Creating and Editing Key Categories</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin.html">Prev</a></td><td class="upCell">Administrator's Guide</td><td class="nextCell"><a accesskey="n" href="admin-archive-definitions.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-key-filters"></a>Creating and Editing Key Categories</h2></div></div></div><p> <span class="application">Kleopatra</span> allows the user to configure the <a class="link" href="configuration-appearance.html#configuration-appearance-certificate-filters" title="Configuring Certificate Categories">visual appearance</a> of keys based on a concept called <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key Categories</span></span>. <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="guiitem"><span class="guilabel">Key Categories</span></span> are also used to filter the list of certificates. This section describes how you can edit the available categories and add new ones. </p><p> When trying to find the category a key belongs to, <span class="application">Kleopatra</span> tries to match the key to a sequence of key filters, configured in the <code class="filename">libkleopatrarc</code>. The first one to match defines the category, based on a concept of <span class="emphasis"><em>specificity</em></span>, explained further below. </p><p> Each key filter is defined in a config group named <code class="literal">Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code>, where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span> is a number, starting from <code class="literal">0</code>. </p><p> The only mandatory keys in a <code class="literal">Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code> group are <code class="varname">Name</code>, containing the name of the category as displayed in the <a class="link" href="configuration-appearance.html#configuration-appearance-certificate-filters" title="Configuring Certificate Categories">config dialog</a>, and <code class="varname">id</code>, which is used as a reference for the filter in other configuration sections (such as <code class="literal">View #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code>). </p><p> <a class="xref" href="admin-key-filters.html#table-key-filters-appearance" title="Table 6.1. Key-Filter Configuration Keys Defining Display Properties">Table 6.1, “Key-Filter Configuration Keys Defining Display Properties”</a> lists all keys that define the display properties of keys belonging to that category (<abbr class="abbrev">i.e.</abbr> those keys that can be adjusted in the <a class="link" href="configuration-appearance.html#configuration-appearance-certificate-filters" title="Configuring Certificate Categories">config dialog</a>), whereas <a class="xref" href="admin-key-filters.html#table-key-filters-criteria" title="Table 6.2. Key-Filter Configuration Keys Defining Filter Criteria">Table 6.2, “Key-Filter Configuration Keys Defining Filter Criteria”</a> lists all keys that define the criteria the filter matches keys against. </p><div class="table"><a name="table-key-filters-appearance"></a><p class="title"><b>Table 6.1. Key-Filter Configuration Keys Defining Display Properties</b></p><div class="table-contents"><table class="table" summary="Key-Filter Configuration Keys Defining Display Properties" border="1"><colgroup><col><col align="center"><col></colgroup><thead><tr><th>Config Key</th><th align="center">Type</th><th>Description</th></tr></thead><tbody><tr><td><code class="varname">background-color</code></td><td align="center">color</td><td> The background color to use. If missing, defaults to whichever background color is defined globally for list views. </td></tr><tr><td><code class="varname">foreground-color</code></td><td align="center">color</td><td> The foreground color to use. If missing, defaults to whichever foreground color is defined globally for list views. </td></tr><tr><td><code class="varname">font</code></td><td align="center">font</td><td> The custom font to use. The font will be scaled to the size configured for list views, and any font attributes (see below) will be applied. </td></tr><tr><td><code class="varname">font-bold</code></td><td align="center">boolean</td><td> If set to <code class="literal">true</code> and <code class="varname">font</code> is not set, uses the default list view font with bold font style added (if available). Ignored if <code class="varname">font</code> is also present. </td></tr><tr><td><code class="varname">font-italic</code></td><td align="center">boolean</td><td> Analogous to <code class="varname">font-bold</code>, but for italic font style instead of bold. </td></tr><tr><td><code class="varname">font-strikeout</code></td><td align="center">boolean</td><td> If <code class="literal">true</code>, draws a centered line over the font. Applied even if <code class="varname">font</code> is set. </td></tr><tr><td><code class="varname">icon</code></td><td align="center">text</td><td> The name of an icon to show in the first column. Not yet implemented. </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-key-filters-criteria"></a><p class="title"><b>Table 6.2. Key-Filter Configuration Keys Defining Filter Criteria</b></p><div class="table-contents"><table class="table" summary="Key-Filter Configuration Keys Defining Filter Criteria" border="1"><colgroup><col><col align="center"><col></colgroup><thead><tr><th>Config Key</th><th align="center">Type</th><th>If specified, filter matches when...</th></tr></thead><tbody><tr><td><code class="varname">is-revoked</code></td><td align="center">boolean</td><td>the key has been revoked.</td></tr><tr><td><code class="varname">match-context</code></td><td align="center"> context<a href="#ftn.idm1755" class="footnote" name="idm1755"><sup class="footnote">[a]</sup></a> </td><td>the context in which this filter matches.</td></tr><tr><td><code class="varname">is-expired</code></td><td align="center">boolean</td><td>the key is expired.</td></tr><tr><td><code class="varname">is-disabled</code></td><td align="center">boolean</td><td> the key has been disabled (marked for not using) by the user. Ignored for <acronym class="acronym">S/MIME</acronym> keys. </td></tr><tr><td><code class="varname">is-root-certificate</code></td><td align="center">boolean</td><td> the key is a root certificate. Ignored for <acronym class="acronym">OpenPGP</acronym> keys. </td></tr><tr><td><code class="varname">can-encrypt</code></td><td align="center">boolean</td><td> the key can be used for encryption. </td></tr><tr><td><code class="varname">can-sign</code></td><td align="center">boolean</td><td> the key can be used for signing. </td></tr><tr><td><code class="varname">can-certify</code></td><td align="center">boolean</td><td> the key can be used for signing (certifying) other keys. </td></tr><tr><td><code class="varname">can-authenticate</code></td><td align="center">boolean</td><td> the key can be used for authentication (<abbr class="abbrev">e.g.</abbr> as an <acronym class="acronym">TLS</acronym> client certificate). </td></tr><tr><td><code class="varname">is-qualified</code></td><td align="center">boolean</td><td> the key can be used to make Qualified Signatures (as defined by the German Digital Signature Law). </td></tr><tr><td><code class="varname">is-cardkey</code></td><td align="center">boolean</td><td> the key material is stored on a smartcard (instead of on the computer). </td></tr><tr><td><code class="varname">has-secret-key</code></td><td align="center">boolean</td><td> the secret key for this key pair is available. </td></tr><tr><td><code class="varname">is-openpgp-key</code></td><td align="center">boolean</td><td> the key is an <acronym class="acronym">OpenPGP</acronym> key (<code class="literal">true</code>), or an <acronym class="acronym">S/MIME</acronym> key (<code class="literal">false</code>). </td></tr><tr><td><code class="varname">was-validated</code></td><td align="center">boolean</td><td> the key has been validated. </td></tr><tr><td><code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-ownertrust</code></td><td align="center"> validity<a href="#ftn.idm1834" class="footnote" name="idm1834"><sup class="footnote">[b]</sup></a> </td><td> the key has exactly (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is</code>), has anything but (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is-not</code>), has at least (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is-at-least</code>), or has at most (<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> = <code class="literal">is-at-most</code>) the ownertrust given as the value of the config key. If more than one <code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-ownertrust</code> keys (with different <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span> values) are present in a single group, the behavior is undefined. </td></tr><tr><td><code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-validity</code></td><td align="center">validity</td><td> Analogous to <code class="varname"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>prefix</code></em></span>-ownertrust</code>, but for key validity instead of ownertrust. </td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div id="ftn.idm1755" class="footnote"><p><a href="#idm1755" class="para"><sup class="para">[a] </sup></a> Context is an enumeration with the following allowed values: <code class="literal">appearance</code>, <code class="literal">filtering</code> and <code class="literal">any</code>.</p></div><div id="ftn.idm1834" class="footnote"><p><a href="#idm1834" class="para"><sup class="para">[b] </sup></a> Validity is an (ordered) enumeration with the following allowed values: <code class="literal">unknown</code>, <code class="literal">undefined</code>, <code class="literal">never</code>, <code class="literal">marginal</code>, <code class="literal">full</code>, <code class="literal">ultimate</code>. See the <span class="application">GPG</span> and <span class="application">GpgSM</span> manuals for a detailed explanation.</p></div></td></tr></tbody></table></div></div><br class="table-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Some of the more interesting criteria, such as <code class="varname">is-revoked</code> or <code class="varname">is-expired</code> will only work on <span class="emphasis"><em>validated</em></span> keys, which is why, by default, only validated keys are checked for revocation and expiration, although you are free to remove these extra checks. </p></div><p> In addition to the config keys listed above, a key filter may also have an <code class="varname">id</code> and <code class="varname">match-contexts</code>. </p><p> Using the filter's <code class="varname">id</code>, which defaults to the filter's config group name if not given or empty, you can reference the key filter elsewhere in the configuration, <abbr class="abbrev">e.g.</abbr> in <span class="application">Kleopatra</span>'s View configurations. The <code class="varname">id</code> is not interpreted by <span class="application">Kleopatra</span>, so you can use any string you like, as long as it's unique. </p><p> The <code class="varname">match-contexts</code> limits the applicability of the filter. Two contexts are currently defined: The <code class="literal">appearance</code> context is used when defining coloring and font properties for the views. The <code class="literal">filtering</code> context is used to selectively include (and exclude) certificate from views. <code class="literal">any</code> can be used to signify all currently defined contexts, and is the default if <code class="varname">match-contexts</code> is not given, or otherwise produces no contexts. This ensures that no key filter can end up <span class="quote">“<span class="quote">dead</span>”</span>, <abbr class="abbrev">i.e.</abbr> with no contexts to apply it in. </p><p> The format of the entry is a list of tokens, separated by non-word characters. Each of the tokens is optionally prefixed by an exclamation point (<code class="literal">!</code>), indicating negation. The tokens act in order on an internal list of contexts, which starts out empty. This is best explained by an example: <code class="literal">any !appearance</code> is the same as <code class="literal">filtering</code>, and <code class="literal">appearance !appearance</code> is producing the empty set, as is <code class="literal">!any</code>. However, the last two will be internally replaced by <code class="literal">any</code>, since they produce no contexts at all. </p><p> In general, criteria not specified (<abbr class="abbrev">i.e.</abbr> the config entry is not set) are not checked for. If a criterion is given, it is checked for and must match for the filter as a whole to match, <abbr class="abbrev">i.e.</abbr> the criteria are AND'ed together. </p><p> Each filter has an implied <span class="quote">“<span class="quote">specificity</span>”</span> that is used to rank all matching filters. The more specific filter wins over less specific ones. If two filters have the same specificity, the one that comes first in the config file wins. A filter's specificity is proportional to the number of criteria it contains. </p><div class="example"><a name="idm1898"></a><p class="title"><b>Example 6.1. Examples of key filters</b></p><div class="example-contents"><p> To check for all expired, but non-revoked root certificates, you would use a key filter defined as follows: </p><pre class="screen">[Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span>] Name=expired, but not revoked was-validated=true is-expired=true is-revoked=false is-root-certificate=true ; ( specificity 4 )</pre><p> To check for all disabled <acronym class="acronym">OpenPGP</acronym> keys (not yet supported by <span class="application">Kleopatra</span>) with ownertrust of at least <span class="quote">“<span class="quote">marginal</span>”</span>, you would use: </p><pre class="screen">[Key Filter #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span>] Name=disabled OpenPGP keys with marginal or better ownertrust is-openpgp=true is-disabled=true is-at-least-ownertrust=marginal ; ( specificity 3 )</pre></div></div><br class="example-break"></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin-archive-definitions.html">Next</a></td></tr><tr><td class="prevCell">Administrator's Guide </td><td class="upCell">Administrator's Guide</td><td class="nextCell"> Configuring Archivers for Use with Sign/Encrypt Files</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="admin-archive-definitions.html"><html><head><title>Configuring Archivers for Use with Sign/Encrypt Files</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="prev" href="admin-key-filters.html" title="Creating and Editing Key Categories"><link rel="next" href="admin-checksum-definitions.html" title="Configuring Checksum Programs for Use with Create/Verify Checksums"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Archivers for Use with Sign/Encrypt Files</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-key-filters.html">Prev</a></td><td class="upCell">Administrator's Guide</td><td class="nextCell"><a accesskey="n" href="admin-checksum-definitions.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-archive-definitions"></a>Configuring Archivers for Use with Sign/Encrypt Files</h2></div></div></div><p> <span class="application">Kleopatra</span> allows the administrator (and power-user) to configure the list of archivers that are presented in the Sign/Encrypt Files dialog. </p><p> Each archiver is defined in <code class="filename">libkleopatrarc</code> as a separate <code class="literal">Archive Definition #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code> group, with the following mandatory keys: </p><div class="variablelist"><dl class="variablelist"><dt><a name="archive-definition-extensions"></a><span class="term"><code class="literal">extensions</code></span></dt><dd><p> A comma-separated list of filename extensions that usually indicate this archive format. </p></dd><dt><a name="archive-definition-id"></a><span class="term"><code class="literal">id</code></span></dt><dd><p> A unique ID used to identify this archiver internally. If in doubt, use the name of the command. </p></dd><dt><a name="archive-definition-Name"></a><span class="term"><code class="literal">Name</code> (translated)</span></dt><dd><p> The user-visible name of this archiver, as shown in the corresponding drop-down menu of the Sign/Encrypt Files dialog. </p></dd><dt><a name="archive-definition-pack-command"></a><span class="term"><code class="literal">pack-command</code></span></dt><dd><p> The actual command to archive files. You can use any command, as long as no shell is required to execute it. The program file is looked up using the <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="envar"><code class="envar">PATH</code></span> environment variable, unless you use an absolute file path. Quoting is supported as if a shell was used: </p><pre class="programlisting">pack-command="/opt/ZIP v2.32/bin/zip" -r -</pre><p> </p></dd></dl></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><a name="backslashes-in-config-keys"></a>Note</h3><p> Since backslash (<code class="literal">\</code>) is an escape character in <span class="orgname">KDE</span> config files, you need to double them when they appear in path names: </p><pre class="programlisting">pack-command=C:\\Programs\\GNU\\tar\\gtar.exe ...</pre><p> However, for the command itself (as opposed to its arguments), you may just use forward slashes (<code class="literal">/</code>) as path separators on all platforms: </p><pre class="programlisting">pack-command=C:/Programs/GNU/tar/gtar.exe ...</pre><p> This is not supported in arguments, as most <span class="trademark">Windows</span>® programs use the forward slash for options. For example, the following will not work, since <code class="literal">C:/myarchivescript.bat</code> is an argument to <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>cmd.exe</strong></span></span>, and <code class="literal">/</code> is not converted to <code class="literal">\</code> in arguments, only commands: </p><pre class="programlisting">pack-command=cmd.exe C:/myarchivescript.bat</pre><p> This needs, instead, to be written as: </p><pre class="programlisting">pack-command=cmd.exe C:\\myarchivescript.bat</pre><p> </p></div><div class="sect2"><div class="titlepage"><div><div><h3 class="title"><a name="admin-archive-definitions-filename-passing"></a>Input Filename Passing for <code class="literal">pack-command</code></h3></div></div></div><p> There are three ways to pass filenames to the pack command. For each of these, <code class="literal">pack-command</code> provides a particular syntax: </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>As command-line arguments.</p><p> Example (tar): </p><pre class="programlisting">pack-command=tar cf -</pre><p> Example (zip): </p><pre class="programlisting">pack-command=zip -r - %f</pre><p> In this case, filenames are passed on the command line, just like you would when using the command prompt. <span class="application">Kleopatra</span> does not use a shell to execute the command. Therefore, this is a safe way of passing filenames, but it might run into command line length restrictions on some platforms. A literal <code class="literal">%f</code>, if present, is replaced by the names of the files to archive. Otherwise, filenames are appended to the command line. Thus, the zip Example above could equivalently be written like this: </p><pre class="programlisting">pack-command=zip -r -</pre><p> </p></li><li class="listitem"><p>Via standard-in, separated by newlines: prepend <code class="literal">|</code>.</p><p> Example (<acronym class="acronym">GNU</acronym>-tar): </p><pre class="programlisting">pack-command=|gtar cf - -T-</pre><p> Example (ZIP): </p><pre class="programlisting">pack-command=|zip -@ -</pre><p> In this case, filenames are passed to the archiver on <acronym class="acronym">stdin</acronym>, one per line. This avoids problems on platforms which place a low limit on the number of command line arguments that are allowed, but fails when filenames, in fact, contain newlines. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> <span class="application">Kleopatra</span> currently only supports <acronym class="acronym">LF</acronym> as a newline separator, not <acronym class="acronym">CRLF</acronym>. This might change in future versions, based on user feedback. </p></div></li><li class="listitem"><p>Via standard-in, separated by NUL-bytes: prepend <code class="literal">0|</code>.</p><p> Example (<acronym class="acronym">GNU</acronym>-tar): </p><pre class="programlisting">pack-command=0|gtar cf - -T- --null</pre><p> This is the same as above, except that NUL bytes are used to separate filenames. Since NUL bytes are forbidden in filenames, this is the most robust way of passing filenames, but not all archivers support it. </p></li></ol></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-key-filters.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin-checksum-definitions.html">Next</a></td></tr><tr><td class="prevCell">Creating and Editing Key Categories </td><td class="upCell">Administrator's Guide</td><td class="nextCell"> Configuring Checksum Programs for Use with Create/Verify Checksums</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="admin-checksum-definitions.html"><html><head><title>Configuring Checksum Programs for Use with Create/Verify Checksums</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="admin.html" title="Chapter 6. Administrator's Guide"><link rel="prev" href="admin-archive-definitions.html" title="Configuring Archivers for Use with Sign/Encrypt Files"><link rel="next" href="credits-and-license.html" title="Chapter 7. Credits and License"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Configuring Checksum Programs for Use with Create/Verify Checksums</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-archive-definitions.html">Prev</a></td><td class="upCell">Administrator's Guide</td><td class="nextCell"><a accesskey="n" href="credits-and-license.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="admin-checksum-definitions"></a>Configuring Checksum Programs for Use with Create/Verify Checksums</h2></div></div></div><p> <span class="application">Kleopatra</span> allows the administrator (and power-user) to configure the list of checksum programs that the user can choose from in the config dialog and that <span class="application">Kleopatra</span> is able to auto-detect when asked to verify a given file's checksum. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> To be usable by <span class="application">Kleopatra</span>, output of checksum programs (both the written checksum file, as well as the output on <acronym class="acronym">stdout</acronym> when verifying checksums) needs to be compatible with <acronym class="acronym">GNU</acronym> <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>md5sum</strong></span></span> and <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="command"><span class="command"><strong>sha1sum</strong></span></span>. </p><p> Specifically, the checksum file needs to be line-based with each line having the following format: </p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>CHECKSUM</code></em></span> ' ' ( ' ' | '*' ) <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>FILENAME</code></em></span></pre><p> where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>CHECKSUM</code></em></span> consists of hex-characters only. If <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>FILENAME</code></em></span> contains a newline character, the line must instead read: </p><pre class="programlisting">\<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>CHECKSUM</code></em></span> ' ' ( ' ' | '*' ) <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ESCAPED-FILENAME</code></em></span></pre><p> where <span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>ESCAPED-FILENAME</code></em></span> is the filename with newlines replaced by <code class="literal">\n</code>s, and backslashes doubled (<code class="literal">\</code>↦<code class="literal">\\</code>). </p><p> Similarly, the output of <a class="xref" href="admin-checksum-definitions.html#checksum-definition-verify-command"><code class="literal">verify-command</code></a> must be of the form </p><pre class="programlisting"><span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>FILENAME</code></em></span> ( ': OK' | ': FAILED' )</pre><p> separated by newlines. Newlines and other characters are <span class="emphasis"><em>not</em></span> escaped in the output.<a href="#ftn.idm2017" class="footnote" name="idm2017"><sup class="footnote">[2]</sup></a> </p></div><p> Each checksum program is defined in <code class="filename">libkleopatrarc</code> as a separate <code class="literal">Checksum Definition #<span xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="replaceable"><em class="replaceable"><code>n</code></em></span></code> group, with the following mandatory keys: </p><div class="variablelist"><dl class="variablelist"><dt><a name="checksum-definition-file-patterns"></a><span class="term"><code class="literal">file-patterns</code></span></dt><dd><p> A list of regular expressions that describe which files should be considered checksum files for this checksum program. The syntax is the one used for string lists in <span class="orgname">KDE</span> config files. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> Since regular expressions usually contain backslashes, care must be taken to properly escape them in the config file. The use of a config file editing tool is recommended. </p></div><p> The platform defines whether the patterns are treated case-sensitive or case-insensitive. </p></dd><dt><a name="checksum-definition-output-file"></a><span class="term"><code class="literal">output-file</code></span></dt><dd><p> The typical output filename for this checksum program (should match one of the <a class="xref" href="admin-checksum-definitions.html#checksum-definition-file-patterns"><code class="literal">file-patterns</code></a>, of course). This is what <span class="application">Kleopatra</span> will use as the output filename when creating checksum files of this type. </p></dd><dt><a name="checksum-definition-id"></a><span class="term"><code class="literal">id</code></span></dt><dd><p> A unique ID used to identify this checksum program internally. If in doubt, use the name of the command. </p></dd><dt><a name="checksum-definition-Name"></a><span class="term"><code class="literal">Name</code> (translated)</span></dt><dd><p> The user-visible name of this checksum program, as shown in the drop-down menu in <span class="application">Kleopatra</span>'s config dialog. </p></dd><dt><a name="checksum-definition-create-command"></a><span class="term"><code class="literal">create-command</code></span></dt><dd><p> The actual command with which to create checksum files. The syntax, restrictions and argument passing options are the same as described for <a class="xref" href="admin-archive-definitions.html#archive-definition-pack-command"><code class="literal">pack-command</code></a> in <a class="xref" href="admin-archive-definitions.html" title="Configuring Archivers for Use with Sign/Encrypt Files">the section called “Configuring Archivers for Use with Sign/Encrypt Files”</a>. </p></dd><dt><a name="checksum-definition-verify-command"></a><span class="term"><code class="literal">verify-command</code></span></dt><dd><p> Same as <a class="xref" href="admin-checksum-definitions.html#checksum-definition-create-command"><code class="literal">create-command</code></a>, but for checksum verification. </p></dd></dl></div><p> Here is a complete example: </p><pre class="programlisting"> [Checksum Definition #1] file-patterns=sha1sum.txt output-file=sha1sum.txt id=sha1sum-gnu Name=sha1sum (GNU) Name[de]=sha1sum (GNU) ... create-command=sha1sum -- %f verify-command=sha1sum -c -- %f </pre><p> </p><div class="footnotes"><br><hr style="width:100; text-align:left;margin-left: 0"><div id="ftn.idm2017" class="footnote"><p><a href="#idm2017" class="para"><sup class="para">[2] </sup></a> Yes, these programs were not written with graphical frontends in mind, and <span class="application">Kleopatra</span> will fail to correctly parse pathological filenames that contain ": OK" plus newline in them. </p></div></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-archive-definitions.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="credits-and-license.html">Next</a></td></tr><tr><td class="prevCell">Configuring Archivers for Use with Sign/Encrypt Files </td><td class="upCell">Administrator's Guide</td><td class="nextCell"> Credits and License</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="configuration-gnupg-system.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="admin-key-filters.html">Next</a></td></tr><tr><td class="prevCell">Configuring the <span class="application">GnuPG</span> System </td><td class="upCell"> </td><td class="nextCell"> Creating and Editing Key Categories</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="credits-and-license.html"><html><head><title>Chapter 7. Credits and License</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, Kapp, X509, OpenPGP, PGP, LDAP, gpg, gpgsm, certificate"><link rel="home" href="index.html" title="The Kleopatra Handbook"><link rel="up" href="index.html" title="The Kleopatra Handbook"><link rel="prev" href="admin-checksum-definitions.html" title="Configuring Checksum Programs for Use with Create/Verify Checksums"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Credits and License</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-checksum-definitions.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="credits-and-license"></a>Chapter 7. Credits and License</h1></div></div></div><p><span class="application">Kleopatra</span> copyright 2002 <span class="firstname">Steffen</span> <span class="surname">Hansen</span>, <span class="firstname">Matthias</span> <span class="othername">Kalle</span> <span class="surname">Dalheimer</span> and <span class="firstname">Jesper</span> <span class="surname">Pedersen</span>., copyright 2004 <span class="firstname">Daniel</span> <span class="surname">Molkentin</span>, copyright 2004, 2007, 2008, 2009, 2010 Klarälvdalens Datakonsult AB</p><p>Documentation copyright 2002 <span class="firstname">Steffen</span> <span class="surname">Hansen</span>, copyright 2004 <span class="firstname">Daniel</span> <span class="surname">Molkentin</span>, copyright 2004, 2010 Klarälvdalens Datakonsult AB</p><div class="itemizedlist"><p class="title"><b>Contributors</b></p><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="firstname">Marc</span> <span class="surname">Mutz</span> <code class="email">(mutz AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">David</span> <span class="surname">Faure</span> <code class="email">(faure AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Steffen</span> <span class="surname">Hansen</span> <code class="email">(hansen AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Matthias</span> <span class="othername">Kalle</span> <span class="surname">Dalheimer</span> <code class="email">(kalle AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Jesper</span> <span class="surname">Pedersen</span> <code class="email">(blackie AT kde.org)</code></p></li><li class="listitem"><p><span class="firstname">Daniel</span> <span class="surname">Molkentin</span> <code class="email">(molkentin AT kde.org)</code></p></li></ul></div><p><a name="gnu-fdl"></a>This documentation is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/fdl-license.html" target="_top">GNU Free Documentation License</a>.</p><p>This program is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/gpl-license.html" target="_top">GNU General Public License</a>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="admin-checksum-definitions.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"></td></tr><tr><td class="prevCell">Configuring Checksum Programs for Use with Create/Verify Checksums </td><td class="upCell"> </td><td class="nextCell"> </td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr><tr><td class="prevCell"> </td><td class="upCell"> </td><td class="nextCell"> Introduction</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME>
Generated by dwww version 1.15 on Wed May 22 06:46:50 CEST 2024.